From dc56307ddd8d4609933910da0ef6ad83d334d5ce Mon Sep 17 00:00:00 2001
From: bprieshof
Date: Thu, 29 Aug 2019 12:05:48 +0200
Subject: [PATCH] Update 'config/nginx/nginx-default.conf'
---
 config/nginx/nginx-default.conf | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/config/nginx/nginx-default.conf b/config/nginx/nginx-default.conf
index e874777..211e4f3 100644
--- a/config/nginx/nginx-default.conf
+++ b/config/nginx/nginx-default.conf
@@ -28,11 +28,16 @@ http {
 include /etc/nginx/mime.types;
 default_type text/html;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
+ ssl_protocols TLSv1.3 TLSv1.2;
 ssl_prefer_server_ciphers on;
- add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+ ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
 ssl_session_cache shared:SSL:20m;
 ssl_session_timeout 180m;
+ ssl_ecdh_curve secp384r1;
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+ add_header X-Frame-Options sameorigin;
+ add_header X-Content-Type-Options nosniff;
+ add_header X-Xss-Protection "1; mode=block";
 #access_log /var/log/nginx/access.log;
 access_log off;
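Review bot: The three new `add_header` lines (X-Frame-Options, X-Content-Type-Options, X-Xss-Protection) omit `always`, so unlike the HSTS line above them they are attached only to the success and redirect status codes nginx lists, and error responses go out without them. I would write `add_header X-Frame-Options sameorigin always;`, `add_header X-Content-Type-Options nosniff always;` and `add_header X-Xss-Protection "1; mode=block" always;`. Because these sit in the `http` block, any `server` or `location` that declares its own `add_header` stops inheriting all four, which deserves a comment here such as `# not inherited by blocks that define their own add_header`. Separately, the `EDH+AESGCM` entry in `ssl_ciphers` is only offered by current nginx when an `ssl_dhparam` file is configured, and none is visible in this hunk, so either set one or drop the DHE entry. The `http` block starts and ends outside the hunk, so directives elsewhere in it may already cover some of this.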