User Tools

Site Tools


nginx:tls

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
nginx:tls [2015-03-18 11:38]
gabriel added nginx config
nginx:tls [2015-03-18 11:40] (current)
gabriel [Basic nginx configuration]
Line 16: Line 16:
   # HTTP Strict Transport Security header   # HTTP Strict Transport Security header
   add_header Strict-Transport-Security "​max-age=31536000;​ includeSubDomains;​ preload";​   add_header Strict-Transport-Security "​max-age=31536000;​ includeSubDomains;​ preload";​
-  # enables all versions of TLS, but not SSLv2 or 3 which are weak and now deprecated or TLSv1 which has +  # enables all versions of TLS, but not SSLv2 or 3 which are weak and now 
-  # its own problems+  # deprecated or TLSv1 which has its own problems
   ssl_protocols TLSv1.1 TLSv1.2;   ssl_protocols TLSv1.1 TLSv1.2;
   ssl_prefer_server_ciphers on;   ssl_prefer_server_ciphers on;
-  # disables all weak ciphers and prefers AESGCM but fall back to other elliptic curve ciphers if necessary+  # disables all weak ciphers and prefers AESGCM but fall back to other 
 +  # elliptic curve ciphers if necessary
   ssl_ciphers "​ECDH+AESGCM:​ECDH+AES256:​ECDH+AES128:​!aNULL:​!eNULL:​!EXPORT:​!MEDIUM:​!LOW:​!DES:​!MD5:​!SHA1:​!PSK:​!RC4";​   ssl_ciphers "​ECDH+AESGCM:​ECDH+AES256:​ECDH+AES128:​!aNULL:​!eNULL:​!EXPORT:​!MEDIUM:​!LOW:​!DES:​!MD5:​!SHA1:​!PSK:​!RC4";​
 </​code>​ </​code>​
nginx/tls.txt · Last modified: 2015-03-18 11:40 by gabriel