12 lines
597 B
Text
12 lines
597 B
Text
ssl_prefer_server_ciphers on;
|
|
# not possible to do exclusive
|
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
|
ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA';
|
|
|
|
ssl_dhparam /etc/ssl/private/dhparams.pem;
|
|
|
|
# add HSTS Header
|
|
add_header Strict-Transport-Security max-age=15768000; # six months
|
|
# Use a SSL/TLS cache for SSL session resume.
|
|
ssl_session_cache shared:SSL:10m;
|
|
ssl_session_timeout 10m;
|