This repository has been archived on 2024-01-26. You can view files and clone it, but cannot push or open issues or pull requests.
nginx-config/conf.d/ssl.conf

13 lines
597 B
Text
Raw Normal View History

2016-05-21 14:27:40 +02:00
ssl_prefer_server_ciphers on;
# not possible to do exclusive
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA';
ssl_dhparam /etc/ssl/private/dhparams.pem;
# add HSTS Header
add_header Strict-Transport-Security max-age=15768000; # six months
# Use a SSL/TLS cache for SSL session resume.
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;