From ce2bbb3c7c17172473230e743631be88b98e947a Mon Sep 17 00:00:00 2001
From: Daniel Roesler <diafygi@gmail.com>
Date: Sat, 24 Oct 2015 04:29:44 -0700
Subject: updated recommended nginx cipher list and added dhparam file to
 prevent logjam

---
 README.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 03c4d7c..b22e7ae 100644
--- a/README.md
+++ b/README.md
@@ -280,8 +280,9 @@ server {
     ssl_certificate_key domain.key;
     ssl_session_timeout 5m;
     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-    ssl_ciphers EECDH+aRSA+AES256:EDH+aRSA+AES256:EECDH+aRSA+AES128:EDH+aRSA+AES128;
+    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA;
     ssl_session_cache shared:SSL:50m;
+    ssl_dhparam /etc/nginx/server.dhparam;
     ssl_prefer_server_ciphers on;
 
     location / {
-- 
cgit v1.2.3