From e522ef0e533f067beec4de39154c68615a63a74b Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@foo.sh>
Date: Fri, 3 Sep 2021 15:27:16 +0000
Subject: [PATCH] nginx: Enable TLSv3 for conencting to upstream

---
 roles/nginx/server/templates/nginx.conf.j2 | 1 +
 1 file changed, 1 insertion(+)

diff --git a/roles/nginx/server/templates/nginx.conf.j2 b/roles/nginx/server/templates/nginx.conf.j2
index b367367..babb1b9 100644
--- a/roles/nginx/server/templates/nginx.conf.j2
+++ b/roles/nginx/server/templates/nginx.conf.j2
@@ -16,6 +16,7 @@ http {
     proxy_ssl_certificate {{ tls_certs }}/{{ inventory_hostname }}.crt;
     proxy_ssl_certificate_key {{ tls_private }}/{{ inventory_hostname }}.key;
     proxy_ssl_trusted_certificate {{ tls_certs }}/ca.crt;
+    proxy_ssl_protocols TLSv1.2 TLSv1.3;
     proxy_ssl_server_name on;
     proxy_ssl_verify on;