From dbb741676d3494327b1968e9963d115053a41413 Mon Sep 17 00:00:00 2001
From: Asif Bacchus <asif@linuxprogramming.mshome.net>
Date: Mon, 3 Jun 2019 21:10:30 -0600
Subject: [PATCH] missing semicolon, disable early SSL by default

---
 etc/nginx/conf.d/mozModern_ssl.conf | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/etc/nginx/conf.d/mozModern_ssl.conf b/etc/nginx/conf.d/mozModern_ssl.conf
index cb16e8d..60ea872 100644
--- a/etc/nginx/conf.d/mozModern_ssl.conf
+++ b/etc/nginx/conf.d/mozModern_ssl.conf
@@ -15,9 +15,10 @@ ssl_session_tickets off;
 
 # SSL ciphers
 ssl_protocols TLSv1.2 TLSv1.3;
-ssl_ciphers 'TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'
+ssl_ciphers 'TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
 ssl_prefer_server_ciphers on;
-ssl_early_data on;
+# if your NGINX build supports this and is using TLSv1.3, then enable
+#ssl_early_data on;
 
 # Diffie-Hellman parameter for DHE cipher suites, using 4096 bits
 ssl_dhparam <path/to/your_dhparam.pem>;