koodiklinikka/playbooks
1
0
Fork 0
mirror of https://github.com/koodiklinikka/playbooks.git synced 2026-01-26 03:03:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
playbooks/files/nginx/ssl_profile.conf
Niko Kurtti 34553aa6f4 initial
2015-03-24 12:18:13 +02:00

26 lines
630 B
Plaintext
Raw Permalink Blame History

# POODLE, PFS etc
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'AES128+EECDH:AES128+EDH';
# Diffie Hellman
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# SSL stapling
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/ssl/certs/combined_startssl.pem;
resolver 8.8.4.4 8.8.8.8 valid=300s;
resolver_timeout 3s;
# Enable HSTS
add_header Strict-Transport-Security max-age=63072000;
# Do not permit Content-Type sniffing.
add_header X-Content-Type-Options nosniff;
# https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
Reference in New Issue View Git Blame Copy Permalink