Enabling TLS Protocols in Arc
Enabling TLS Protocols in Arc
This page provides a reference for all TLS and security-related settings available in the Arc settings.yml file. These settings allow you to harden the Arc server for production environments.
Security Settings Overview
Add any of the following parameters to settings.yml to enable the corresponding security feature:
# Use only TLS v1.2+ protocols and secure ciphers
usesecuretls: false
# Enable HTTP Strict Transport Security (HSTS) header
# Forces Arc clients to use HTTPS only
# Arc sets max-age to 2 years, including subdomains
# To remove HSTS: set to false AND clear the domain from browser HSTS cache
usehsts: false
# Enable HTTP Content-Security-Policy header
# Restricts connections to known sources only
# Note: external scripts in plugins will be blocked
usecontentsecuritypolicy: false
# Add X-Frame-Options: DENY header
# Prevents Arc from being embedded in iframes
useiframedeny: falseSupported TLS Cipher Suites (when usesecuretls: true)
When usesecuretls is enabled, Arc will only accept connections using the following cipher suites:
Cipher Suite |
|---|
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 |
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 |
Related Pages
Using TLS Protocols v1.2+ with Arc — step-by-step to enable
usesecuretlsHTTP Strict Transport Security (HSTS) — step-by-step to enable
usehstsArc settings.yml File — full settings reference