From a7c4125853fdc12dcca7a5dae58f39a8ae636fec Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=BC=A0=E5=90=AF=E8=88=AA?= <101104760+ZhangSetSail@users.noreply.github.com>
Date: Thu, 6 Jun 2024 10:44:04 +0800
Subject: [PATCH] perf: modify nginx to disallow the use of lower version cipher suites
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: 张启航 <101104760+ZhangSetSail@users.noreply.github.com>
---
 hack/contrib/docker/gateway/nginxtmp/servers.tmpl | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hack/contrib/docker/gateway/nginxtmp/servers.tmpl b/hack/contrib/docker/gateway/nginxtmp/servers.tmpl
index b9c1399dd..26debac2a 100644
--- a/hack/contrib/docker/gateway/nginxtmp/servers.tmpl
+++ b/hack/contrib/docker/gateway/nginxtmp/servers.tmpl
@@ -18,6 +18,7 @@ server {
 {{ if .SSLProtocols }}
 ssl_protocols {{.SSLProtocols}};
 {{ end }}
+ ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4:!RSA;
 {{ if .EnableSSLStapling }}
 ssl_stapling on;
 resolver 8.8.8.8 8.8.4.4 114.114.114.114 valid=300s;
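Review bot: The added `ssl_ciphers` line excludes `DES` but not `3DES`. In OpenSSL cipher strings the `DES` keyword matches single DES only, and on builds older than 1.1.0 `HIGH` still contains the triple-DES suites, so 64-bit-block ciphers may remain negotiable depending on the library the gateway image links against. Adding the keyword explicitly removes that dependency: `ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!3DES:!MD5:!PSK:!RC4:!RSA;`. The directive is also emitted unconditionally with a fixed value, unlike the `{{ if .SSLProtocols }}` block just above it, so operators cannot tighten or relax the list per deployment. It does not govern TLS 1.3 suites, and a short comment on the line saying both would help. The `server` block starts and ends outside the hunk, so whether `ssl_prefer_server_ciphers` is set elsewhere cannot be confirmed from here.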