From 98c669e80bd3ab62c86b08f448e07a1925f82232 Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Wed, 28 Oct 2020 14:29:29 -0400
Subject: [PATCH] Disable nginx server version and TLSv1.0/TLSv1.1
---
 salt/nginx/etc/nginx.conf | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/salt/nginx/etc/nginx.conf b/salt/nginx/etc/nginx.conf
index facfb4c22..6cc7427fc 100644
--- a/salt/nginx/etc/nginx.conf
+++ b/salt/nginx/etc/nginx.conf
@@ -36,6 +36,8 @@ http {
 types_hash_max_size 2048;
 client_max_body_size 2500M;
+ server_tokens off;
+
 include /etc/nginx/mime.types;
 default_type application/octet-stream;
@@ -88,6 +90,7 @@ http {
 ssl_session_timeout 10m;
 ssl_ciphers HIGH:!aNULL:!MD5;
 ssl_prefer_server_ciphers on;
+ ssl_protocols TLSv1.2;
 }
 {%- endif %}
@@ -105,6 +108,7 @@ http {
 ssl_session_timeout 10m;
 ssl_ciphers HIGH:!aNULL:!MD5;
 ssl_prefer_server_ciphers on;
+ ssl_protocols TLSv1.2;
 location /fleet/ {
 proxy_pass https://{{ main_ip }}:8080;
@@ -151,7 +155,7 @@ http {
 ssl_session_timeout 10m;
 ssl_ciphers HIGH:!aNULL:!MD5;
 ssl_prefer_server_ciphers on;
-
+ ssl_protocols TLSv1.2;
 location ~* (^/login/|^/js/.*|^/css/.*|^/images/.*) {
 proxy_pass http://{{ url_base }}:9822;
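Review bot: The added `server_tokens off;` in the first hunk has no comment saying what it is for, and its effect is narrower than the commit subject may suggest. It drops the version number from the `Server` response header and from nginx-generated error pages, while the header still identifies the server as nginx. A one-line comment above it would record that, for example `# Hide the nginx version in the Server header and on error pages`. The `http` block starts and ends outside this hunk.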
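Review bot: `ssl_protocols TLSv1.2;` in the second hunk (and again in the third and fourth) allows TLS 1.2 only, so it also turns off TLS 1.3. If the deployed nginx and OpenSSL builds support it, `ssl_protocols TLSv1.2 TLSv1.3;` keeps TLSv1.0/1.1 disabled without blocking the newer protocol. The directive is also copied into three separate server blocks, so any TLS server block not touched here, or added later, would fall back to nginx's built-in protocol list. Declaring it once in the `http` block next to `server_tokens off;` would cover them all. On many nginx versions the default server's protocol setting is what applies to name-based servers sharing a listen socket, so it is worth confirming that the default server for the TLS port is one of the patched blocks; the server blocks themselves start and end outside these hunks.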