Jan 4, 2022

    Enabling TLS protocols in Arc

    # Use only TLS protocols (v1.2+) and ciphers that are known to be secure

    # TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,

    # TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,

    # TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,

    # TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,

    # TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,

    # TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,

    usesecuretls: false

    # Enable the HTTP Strict Transport Security (HSTS) response header

    # NOTE: Enabling this setting will tell the Arc client that it should only be accessed using HTTPS, instead of using HTTP.

    # Arc will set the max-age to 2 years and including subdomains

    # After changing it to true restarting Arc and establishing an initial connection, it will trigger and the header will be present on subsequent calls

    # To remove the HSTS header, one would need to set this setting to false AND remove the domain from the HSTS Cache in the Browser

    usehsts: false

    # Enable the HTTP Content-Security-Policy response header

    # This restricts access to connections to only known sources

    # If you are using external scripts in plugins they will be blocked

    usecontentsecuritypolicy: false

    # Enable to add HTTP header X-Frame-Options: DENY

    useiframedeny: false

    Related content

    Loading related content