Merge pull request #1371 from dod-ccpo/disable-cipher-export

Disable cipher export for TLS negotiation.

deploy/azure/nginx-snippets.yml

@@ -10,7 +10,7 @@ data:
     add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; always";
     # Set SSL protocols, ciphers, and related options
     ssl_protocols TLSv1.3 TLSv1.2;
-    ssl_ciphers TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+    ssl_ciphers TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:!EXPORT;
     ssl_prefer_server_ciphers on;
     ssl_ecdh_curve X25519:prime256v1:secp384r1;
     ssl_dhparam /etc/ssl/dhparam.pem;