Merge pull request #14253 from Security-Onion-Solutions/dougburks-patch-1

FIX: Add TLSv1.3 to nginx config #14252

salt/nginx/etc/nginx.conf

@@ -103,7 +103,7 @@ http {
 		ssl_ciphers TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256:TLS_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_CCM:TLS_RSA_WITH_ARIA_256_GCM_SHA384:TLS_RSA_WITH_AES_128_GCM_SHA256:TLS_RSA_WITH_AES_128_CCM:TLS_RSA_WITH_ARIA_128_GCM_SHA256;
 		ssl_ecdh_curve secp521r1:secp384r1;
 		ssl_prefer_server_ciphers on;
-		ssl_protocols TLSv1.2;
+		ssl_protocols TLSv1.2 TLSv1.3;
 	}
 
 	{%- endif %}
@@ -144,7 +144,7 @@ http {
 		ssl_session_timeout  10m;
 		ssl_ciphers TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256:TLS_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_CCM:TLS_RSA_WITH_ARIA_256_GCM_SHA384:TLS_RSA_WITH_AES_128_GCM_SHA256:TLS_RSA_WITH_AES_128_CCM:TLS_RSA_WITH_ARIA_128_GCM_SHA256;
 		ssl_prefer_server_ciphers on;
-		ssl_protocols TLSv1.2;
+		ssl_protocols TLSv1.2 TLSv1.3;
         location / {
         	allow all;
         	sendfile on;
@@ -177,7 +177,7 @@ http {
 		ssl_session_timeout  10m;
 		ssl_ciphers TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256:TLS_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_CCM:TLS_RSA_WITH_ARIA_256_GCM_SHA384:TLS_RSA_WITH_AES_128_GCM_SHA256:TLS_RSA_WITH_AES_128_CCM:TLS_RSA_WITH_ARIA_128_GCM_SHA256;
 		ssl_prefer_server_ciphers on;
-		ssl_protocols TLSv1.2;
+		ssl_protocols TLSv1.2 TLSv1.3;
 
 		location ~* (^/login/.*|^/js/.*|^/css/.*|^/images/.*) {
 			proxy_pass            http://{{ GLOBALS.manager }}:9822;