- but don't enable these by default since ssl is not enabled by default

author Arkadiusz Miśkiewicz <arekm@maven.pl>

Mon, 20 Oct 2014 15:49:18 +0000 (17:49 +0200)

committer Arkadiusz Miśkiewicz <arekm@maven.pl>

Mon, 20 Oct 2014 15:49:18 +0000 (17:49 +0200)
author Arkadiusz Miśkiewicz <arekm@maven.pl>
Mon, 20 Oct 2014 15:49:18 +0000 (17:49 +0200)
committer Arkadiusz Miśkiewicz <arekm@maven.pl>
Mon, 20 Oct 2014 15:49:18 +0000 (17:49 +0200)
diff --git a/nginx-standard.conf b/nginx-standard.conf

index 65ea70cdcb3adff3853d16750a4bf337a2127db5..aa337bdef0109ef0f21b536a531a4fd8bbc47888 100644 (file)
--- a/nginx-standard.conf
+++ b/nginx-standard.conf
@@ -41,8 +41,12 @@ http {
  
                 # https://wiki.mozilla.org/Security/Server_Side_TLS
                 # perfect forward secrecy
-               ssl_prefer_server_ciphers on;
-               ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS +RC4 RC4";
+               # ssl_prefer_server_ciphers on;
+               # ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS +RC4 RC4";
+
+               # Session resumption (caching)
+               # ssl_session_cache shared:SSL:50m;
+               # ssl_session_timeout 5m;
  
                 # ssl_certificate /etc/nginx/server.crt;
                 # ssl_certificate_key /etc/nginx/server.key;
author	Arkadiusz Miśkiewicz <arekm@maven.pl>
	Mon, 20 Oct 2014 15:49:18 +0000 (17:49 +0200)
committer	Arkadiusz Miśkiewicz <arekm@maven.pl>
	Mon, 20 Oct 2014 15:49:18 +0000 (17:49 +0200)