koodiklinikka/playbooks
1
0
Fork 0
mirror of https://github.com/koodiklinikka/playbooks.git synced 2026-01-26 11:14:04 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
730053c03b850c83b5d73b5ae56df35c445a9af9
playbooks/files/nginx/ssl_profile.conf
Niko Kurtti 34553aa6f4 initial
2015-03-24 12:18:13 +02:00

26 lines
630 B
Plaintext
Raw Blame History

# POODLE, PFS etc
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'AES128+EECDH:AES128+EDH';
# Diffie Hellman
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# SSL stapling
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/ssl/certs/combined_startssl.pem;
resolver 8.8.4.4 8.8.8.8 valid=300s;
resolver_timeout 3s;
# Enable HSTS
add_header Strict-Transport-Security max-age=63072000;
# Do not permit Content-Type sniffing.
add_header X-Content-Type-Options nosniff;
# https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
Reference in New Issue View Git Blame Copy Permalink