From 96d6b479123b3620c84670f986a8065b22a053b6 Mon Sep 17 00:00:00 2001
From: Karim <37943746+ksaadDE@users.noreply.github.com>
Date: Thu, 29 Jul 2021 18:37:55 +0000
Subject: [PATCH] Update main.yml TLSv1.3 should be supported (+security) and soon as possible should be TLSv1.2 EOL.
---
 roles/nginx_hardening/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/nginx_hardening/defaults/main.yml b/roles/nginx_hardening/defaults/main.yml
index 13bc790ca..8b66f51df 100644
--- a/roles/nginx_hardening/defaults/main.yml
+++ b/roles/nginx_hardening/defaults/main.yml
@@ -23,7 +23,7 @@ nginx_add_header: [
 nginx_set_cookie_flag: "* HttpOnly secure"
 nginx_ssl_prefer_server_ciphers: "on"
-nginx_ssl_protocols: "TLSv1.2"
+nginx_ssl_protocols: "TLSv1.2 TLSv1.3"
 nginx_ssl_ciphers: "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
 nginx_ssl_session_tickets: "off"
 nginx_dh_size: "2048"
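Review bot: The new default on `nginx_ssl_protocols` carries no note of its prerequisites: nginx accepts the `TLSv1.3` parameter only from 1.13.0 and it takes effect only when nginx is built against OpenSSL 1.1.1 or later, so on an older target the config test may fail or the server may keep offering TLSv1.2 only. The `nginx_ssl_ciphers` context line directly below lists only TLSv1.2 suite names, and nginx's `ssl_ciphers` does not select TLSv1.3 suites, so TLSv1.3 sessions would fall back to the OpenSSL defaults rather than this hardened list. I would record both above the changed line, e.g. `# TLSv1.3 requires nginx >= 1.13.0 built with OpenSSL >= 1.1.1; nginx_ssl_ciphers applies to TLSv1.2 only`. Which platforms the role supports is not visible in this hunk, so the compatibility concern should be checked against the role's metadata and CI matrix.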