updated recommended nginx cipher list and added dhparam file to prevent logjam

author: Daniel Roesler <diafygi@gmail.com> 2015-10-24 04:29:44 -0700
committer: Daniel Roesler <diafygi@gmail.com> 2015-10-24 04:29:44 -0700
commit: ce2bbb3c7c17172473230e743631be88b98e947a (patch)
tree: 82a1d519e4c3479c72de2531f0fdfa3afa325090 /README.md
parent: 97e9735764f9142703d25b37dc2db1a5d95cb8eb (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/README.md b/README.md
index 03c4d7c..b22e7ae 100644
--- a/README.md
+++ b/README.md
@@ -280,8 +280,9 @@ server {
     ssl_certificate_key domain.key;
     ssl_session_timeout 5m;
     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-    ssl_ciphers EECDH+aRSA+AES256:EDH+aRSA+AES256:EECDH+aRSA+AES128:EDH+aRSA+AES128;
+    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA;
     ssl_session_cache shared:SSL:50m;
+    ssl_dhparam /etc/nginx/server.dhparam;
     ssl_prefer_server_ciphers on;
 
     location / {
author	Daniel Roesler <diafygi@gmail.com>	2015-10-24 04:29:44 -0700
committer	Daniel Roesler <diafygi@gmail.com>	2015-10-24 04:29:44 -0700
commit	ce2bbb3c7c17172473230e743631be88b98e947a (patch)
tree	82a1d519e4c3479c72de2531f0fdfa3afa325090 /README.md
parent	97e9735764f9142703d25b37dc2db1a5d95cb8eb (diff)