This repository was archived by the owner on Jun 27, 2018. It is now read-only.

Webserver configuration #306

@hellow554

There are plenty of improvements that can be made according to ssllabs.
First you should generate your own DH parameters:

openssl dhparam -out dhparam4096.pem 4096

and then use them in your nginx config file

ssl_dhparam /etc/nginx/dhparam4096.pem;

Disable TLS 1.0:

ssl_protocols TLSv1.1 TLSv1.2;

Enable session caching:

ssl_session_cache shared:ssl_session_cache:10m;

Disable weak ciphers:

ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;

For a complete list, see https://cipherli.st/
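
As an added example (not part of the original issue or the project's code), a small Python audit that checks an nginx configuration for the four settings recommended above. The sample configuration is constructed, the parser handles only simple nginx syntax, and flagging every cipher entry outside ECDHE/DHE is an assumption based on the suites listed in the issue.

```python
import re

# Constructed sample input, not taken from the repository in the issue.
WEAK_CONF = """
server {
    listen 443 ssl;
    # ssl_dhparam /etc/nginx/dhparam4096.pem;   (commented out, so inactive)
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_session_cache off;
    ssl_ciphers HIGH:!aNULL:RC4-SHA;
}
"""

LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1"}  # the issue keeps TLSv1.1 and TLSv1.2
PFS_PREFIXES = ("ECDHE-", "DHE-")  # key exchanges used by every suite in the issue

def directives(conf):
    """Map directive name -> list of argument lists (simplified: no quoted strings)."""
    found = {}
    for stmt in re.split(r"[;{}]", re.sub(r"#[^\n]*", "", conf)):
        parts = stmt.split()
        if parts:
            found.setdefault(parts[0], []).append(parts[1:])
    return found

def audit(conf):
    """Return (directive, finding) pairs for the four settings in the issue."""
    d, findings = directives(conf), []
    for name in ("ssl_dhparam", "ssl_protocols", "ssl_ciphers"):
        if name not in d:
            findings.append((name, "directive not set"))
    for args in d.get("ssl_protocols", []):
        legacy = sorted(LEGACY_PROTOCOLS.intersection(args))
        if legacy:
            findings.append(("ssl_protocols", "legacy protocols enabled: " + " ".join(legacy)))
    caches = d.get("ssl_session_cache", [])
    if not caches or any(a and a[0] in ("off", "none") for a in caches):
        findings.append(("ssl_session_cache", "session caching not enabled"))
    for args in d.get("ssl_ciphers", []):
        entries = [e for e in ":".join(args).split(":") if e and not e.startswith(("!", "-"))]
        other = [e for e in entries if not e.startswith(PFS_PREFIXES)]
        if other:
            findings.append(("ssl_ciphers", "entries outside ECDHE/DHE: " + " ".join(other)))
    return findings

if __name__ == "__main__":
    for name, finding in audit(WEAK_CONF):
        print(f"{name}: {finding}")
```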
