|
|
|
@ -58,7 +58,10 @@ namespace inbox {
|
|
|
|
ssl = yes
|
|
|
|
ssl = yes
|
|
|
|
ssl_cert = </certs/cert.pem
|
|
|
|
ssl_cert = </certs/cert.pem
|
|
|
|
ssl_key = </certs/key.pem
|
|
|
|
ssl_key = </certs/key.pem
|
|
|
|
ssl_dh = </certs/dhparam.pem
|
|
|
|
# This will be enabled once 2.3 is released
|
|
|
|
|
|
|
|
# ssl_dh = </certs/dhparam.pem
|
|
|
|
|
|
|
|
# In the meanwhile:
|
|
|
|
|
|
|
|
ssl_dh_parameters_length = 2048
|
|
|
|
# TLS hardening is based on the following documentation:
|
|
|
|
# TLS hardening is based on the following documentation:
|
|
|
|
# https://bettercrypto.org/static/applied-crypto-hardening.pdf
|
|
|
|
# https://bettercrypto.org/static/applied-crypto-hardening.pdf
|
|
|
|
ssl_protocols=!SSLv3 !SSLv2
|
|
|
|
ssl_protocols=!SSLv3 !SSLv2
|
|
|
|
|
kaiyou
7 years ago