From ce2bbb3c7c17172473230e743631be88b98e947a Mon Sep 17 00:00:00 2001 From: Daniel Roesler Date: Sat, 24 Oct 2015 04:29:44 -0700 Subject: updated recommended nginx cipher list and added dhparam file to prevent logjam --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 03c4d7c..b22e7ae 100644 --- a/README.md +++ b/README.md @@ -280,8 +280,9 @@ server { ssl_certificate_key domain.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_ciphers EECDH+aRSA+AES256:EDH+aRSA+AES256:EECDH+aRSA+AES128:EDH+aRSA+AES128; + ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA; ssl_session_cache shared:SSL:50m; + ssl_dhparam /etc/nginx/server.dhparam; ssl_prefer_server_ciphers on; location / { -- cgit v1.2.3