From 450be78898d658526047a88613b09f382c1967c7 Mon Sep 17 00:00:00 2001 From: kaiyou Date: Fri, 7 Feb 2020 15:25:29 +0100 Subject: [PATCH] Update the tlv1 faq to indicate that a full config rewrite is required --- docs/faq.rst | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/docs/faq.rst b/docs/faq.rst index 382d037b..0c408754 100644 --- a/docs/faq.rst +++ b/docs/faq.rst @@ -475,15 +475,18 @@ In any case, using a dedicated DNS server will improve the performance of your m Is there a way to support more (older) ciphers? ``````````````````````````````````````````````` -See `How can I override settings?`_ . -You will need to add the protocols you wish to support in an override for the ``front`` container (Nginx). +You will need to rewrite the `tls.conf` template of the `front` container in `core/nginx`. + +You can set the protocols as follow: .. code-block:: bash ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ; -We **strongly** advice against downgrading the TLS version and ciphers! +After applying the change, you will need to rebuild the image and use it in your deployment. + +We **strongly** advice against downgrading the TLS version and ciphers, please upgrade your client instead! We will not support a more standard way of setting this up. *Issue reference:* `363`_, `698`_.