diff options
author | Daniel Roesler <diafygi@gmail.com> | 2015-10-24 04:29:44 -0700 |
---|---|---|
committer | Daniel Roesler <diafygi@gmail.com> | 2015-10-24 04:29:44 -0700 |
commit | ce2bbb3c7c17172473230e743631be88b98e947a (patch) | |
tree | 82a1d519e4c3479c72de2531f0fdfa3afa325090 /README.md | |
parent | 97e9735764f9142703d25b37dc2db1a5d95cb8eb (diff) |
updated recommended nginx cipher list and added dhparam file to prevent logjam
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 3 |
1 files changed, 2 insertions, 1 deletions
@@ -280,8 +280,9 @@ server { ssl_certificate_key domain.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_ciphers EECDH+aRSA+AES256:EDH+aRSA+AES256:EECDH+aRSA+AES128:EDH+aRSA+AES128; + ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA; ssl_session_cache shared:SSL:50m; + ssl_dhparam /etc/nginx/server.dhparam; ssl_prefer_server_ciphers on; location / { |