|
|
@ -61,7 +61,8 @@ ssl_key = </certs/key.pem
|
|
|
|
# TLS hardening is based on the following documentation:
|
|
|
|
# TLS hardening is based on the following documentation:
|
|
|
|
# https://bettercrypto.org/static/applied-crypto-hardening.pdf
|
|
|
|
# https://bettercrypto.org/static/applied-crypto-hardening.pdf
|
|
|
|
ssl_protocols=!SSLv3 !SSLv2
|
|
|
|
ssl_protocols=!SSLv3 !SSLv2
|
|
|
|
ssl_cipher_list = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA
|
|
|
|
# ssl_cipher_list = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA
|
|
|
|
|
|
|
|
ssl_cipher_list = EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
|
|
|
|
ssl_prefer_server_ciphers = yes
|
|
|
|
ssl_prefer_server_ciphers = yes
|
|
|
|
ssl_dh_parameters_length = 2048
|
|
|
|
ssl_dh_parameters_length = 2048
|
|
|
|
ssl_options = no_compression
|
|
|
|
ssl_options = no_compression
|
|
|
|