From 5b283c7804bb482a7d3ef0f238e6ac03cae2adad Mon Sep 17 00:00:00 2001
From: Fenris Wolf
Date: Thu, 9 Oct 2025 01:45:37 +0200
Subject: [PATCH] [task-406] nginx
---
 roles/nginx/files/ssl-hardening.conf | 18 ------------------
 1 file changed, 18 deletions(-)
 delete mode 100644 roles/nginx/files/ssl-hardening.conf
diff --git a/roles/nginx/files/ssl-hardening.conf b/roles/nginx/files/ssl-hardening.conf
deleted file mode 100644
index 1d5f5f4..0000000
--- a/roles/nginx/files/ssl-hardening.conf
+++ /dev/null
@@ -1,18 +0,0 @@
-ssl_session_timeout 1d;
-ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
-ssl_session_tickets off;
-
-# curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
-ssl_dhparam /etc/nginx/dhparam;
-
-# intermediate configuration
-ssl_protocols TLSv1.2 TLSv1.3;
-ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
-ssl_prefer_server_ciphers off;
-
-# HSTS (ngx_http_headers_module is required) (63072000 seconds)
-add_header Strict-Transport-Security "max-age=63072000" always;
-
-# OCSP stapling
-ssl_stapling on;
-ssl_stapling_verify on;