|
|
|
@ -57,6 +57,8 @@ namespace inbox {
|
|
|
|
ssl = yes
|
|
|
|
ssl = yes
|
|
|
|
ssl_cert = </certs/cert.pem
|
|
|
|
ssl_cert = </certs/cert.pem
|
|
|
|
ssl_key = </certs/key.pem
|
|
|
|
ssl_key = </certs/key.pem
|
|
|
|
|
|
|
|
# TLS hardening is based on the following documentation:
|
|
|
|
|
|
|
|
# https://bettercrypto.org/static/applied-crypto-hardening.pdf
|
|
|
|
ssl_protocols=!SSLv3 !SSLv2
|
|
|
|
ssl_protocols=!SSLv3 !SSLv2
|
|
|
|
ssl_cipher_list = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA
|
|
|
|
ssl_cipher_list = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA
|
|
|
|
ssl_prefer_server_ciphers = yes
|
|
|
|
ssl_prefer_server_ciphers = yes
|
|
|
|
|
Pierre Jaury
8 years ago