services.nginx.sslCiphers
NixOS option
List of available cipher suites to choose from when negotiating TLS sessions. This option only handles cipher suites up to TLSv1.2. Use ssl_conf_command CipherSuites to configure TLSv1.3 cipher suites.
type: null or string or list of stringDefault
declared in: nixos/modules/services/web-servers/nginx/default.nixView source on NixOS/nixpkgs →[ "ECDHE-ECDSA-AES128-GCM-SHA256" "ECDHE-RSA-AES128-GCM-SHA256" "ECDHE-ECDSA-AES256-GCM-SHA384" "ECDHE-RSA-AES256-GCM-SHA384" "ECDHE-ECDSA-CHACHA20-POLY1305" "ECDHE-RSA-CHACHA20-POLY1305" ]