tentakelfabrik
/
mcp
1
0
Fork 0
Code Issues 8 Pull Requests 0 Releases 4 Wiki Activity
OpenSource CLI-App to install and handle stuff related to Web-Server
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
55 Commits
4 Branches
456 KiB
Tree: 38c36f11de
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '38c36f11de'
${ noResults }
mcp/resources/nginx/snippets/ssl-params.conf

15 lines
608 B
Raw Normal View History

adding #20
4 years ago
 
  1. # from https://cipherli.st/
  2. # and https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
  3. 

  4. ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  5. ssl_prefer_server_ciphers on;
  6. ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
  7. ssl_ecdh_curve secp384r1;
  8. ssl_session_cache shared:SSL:10m;
  9. ssl_session_tickets off;
  10. ssl_stapling on;
  11. ssl_stapling_verify on;
  12. resolver 8.8.8.8 8.8.4.4 valid=300s;
  13. resolver_timeout 5s;
  14. 

  15. ssl_dhparam /etc/ssl/certs/dhparam.pem;