DO Ideas 2

Define approved SSL protocols in DO Load Balancers.

We would like a way to enforce SSL protocols (TLSv1.2, only) in our Digital Ocean LBs. We want our DO LBs to support what protocols the reverse proxies allow; which we've limited to TLSv1.2.

Nginx Config:

# SSL v2 is insecure, so we need to disable it. We also disable SSLv3,

# as TLS 1.0 suffers a downgrade attack

ssl_protocols TLSv1.2;
  • Nicholas Houle
  • Oct 11 2018
  • Attach files