]> git.pld-linux.org Git - packages/nginx.git/commitdiff
projects / packages / nginx.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e344670)
- update to current intermediate mozilla recommendation
authorArkadiusz Miśkiewicz <arekm@maven.pl>
Tue, 22 Oct 2019 12:49:42 +0000 (14:49 +0200)
committerArkadiusz Miśkiewicz <arekm@maven.pl>
Tue, 22 Oct 2019 12:49:42 +0000 (14:49 +0200)
nginx.conf patch | blob | blame | history

diff --git a/nginx.conf b/nginx.conf
index 701b61d6b9d98cf9220e968bfd0f4a6fd8e24b29..63f7a9ecb59aab5c4b61ba93b531039c3a19cf24 100644 (file)
--- a/nginx.conf
+++ b/nginx.conf
@@ -57,13 +57,15 @@ http {
                #ssl_dhparam /etc/nginx/dhparam.pem;
 
                # modern tweak to your needs.
-               # https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.14.0&openssl=1.1.1&hsts=yes&profile=modern
-               #ssl_protocols TLSv1.2 TLSv1.3;
-               #ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
-               #ssl_prefer_server_ciphers on;
+               # https://ssl-config.mozilla.org/#server=nginx&server-version=1.17.0&config=intermediate
 
-               # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
-               #add_header Strict-Transport-Security max-age=15768000;
+               # intermediate configuration
+               # ssl_protocols TLSv1.2 TLSv1.3;
+               # ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+               # ssl_prefer_server_ciphers off;
+
+               # HSTS (ngx_http_headers_module is required) (63072000 seconds)
+               # add_header Strict-Transport-Security "max-age=63072000" always;
 
                # OCSP Stapling ---
                # fetch OCSP records from URL in ssl_certificate and cache them
High perfomance HTTP and reverse proxy server
This page took 0.095711 seconds and 4 git commands to generate.