nginx:tls
Differences
This shows you the differences between two versions of the page.
nginx:tls [2015-03-07 02:27] – created gabriel | nginx:tls [2015-03-18 11:38] – added nginx config gabriel | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Transport Layer Security ====== | ====== Transport Layer Security ====== | ||
+ | |||
+ | This page will document some sane settings for modern TLS security in nginx. | ||
+ | |||
+ | ===== Basic nginx configuration ===== | ||
+ | |||
+ | < | ||
+ | # SSL configuration | ||
+ | listen 443 ssl spdy default_server; | ||
+ | ssl_certificate / | ||
+ | ssl_certificate_key / | ||
+ | # OCSP stapling support | ||
+ | ssl_stapling on; | ||
+ | ssl_stapling_verify on; | ||
+ | ssl_trusted_certificate / | ||
+ | # HTTP Strict Transport Security header | ||
+ | add_header Strict-Transport-Security " | ||
+ | # enables all versions of TLS, but not SSLv2 or 3 which are weak and now deprecated or TLSv1 which has | ||
+ | # its own problems | ||
+ | ssl_protocols TLSv1.1 TLSv1.2; | ||
+ | ssl_prefer_server_ciphers on; | ||
+ | # disables all weak ciphers and prefers AESGCM but fall back to other elliptic curve ciphers if necessary | ||
+ | ssl_ciphers " | ||
+ | </ | ||
+ | |||
+ | |||
+ | ===== TLS/SSL tips and tricks ===== | ||
TLS/SSL Server Test: https:// | TLS/SSL Server Test: https:// |
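Review bot: The comment above `ssl_protocols TLSv1.1 TLSv1.2;` contradicts itself: it says the line "enables all versions of TLS" and then lists TLSv1 among the excluded protocols. Reword it to say that only TLSv1.1 and TLSv1.2 are enabled and that SSLv2, SSLv3 and TLSv1 are disabled. The OCSP stapling lines (`ssl_stapling on;` and `ssl_stapling_verify on;`) appear with no `resolver` directive in the snippet. nginx needs one to resolve the OCSP responder's hostname, so either add it here or note that it is set elsewhere in the configuration. It would also help to state that the snippet belongs inside a `server { ... }` block, since `listen` is only valid in that context.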
nginx/tls.txt · Last modified: 2015-03-18 11:40 by gabriel