This repository has been archived by the owner on Jun 27, 2018. It is now read-only.

Webserver configuration #306

Open
hellow554 opened this issue Jun 15, 2018 · 0 comments

Comments

@hellow554

There are plenty of improvements that can be made according to ssllabs.
First, you should generate your own DH parameters:

openssl dhparam -out dhparam4096.pem 4096

and then use them in your nginx config file:

ssl_dhparam /etc/nginx/dhparam4096.pem;

Disable TLS 1.0:

ssl_protocols TLSv1.1 TLSv1.2;

Enable session caching:

ssl_session_cache shared:ssl_session_cache:10m;

Disable weak ciphers:

ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;

For a complete list, see https://cipherli.st/
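
A small offline audit for the four settings listed in this issue, added here as an example; it is not part of the issue or of the project's code. The sample configs, the `audit` and `directives` helpers and the `WEAK` pattern are constructed for illustration, and the parser is deliberately simplified.

```python
import re

# Constructed sample: a server block before the changes suggested in the issue.
SAMPLE_BEFORE = """
server {
    listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;  # TLS 1.0 still enabled
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:RC4-SHA;
}
"""
# Constructed sample: the same block with the four directives quoted in the issue.
SAMPLE_AFTER = """
server {
    listen 443 ssl;
    ssl_dhparam /etc/nginx/dhparam4096.pem;
    ssl_protocols TLSv1.1 TLSv1.2;
    ssl_session_cache shared:ssl_session_cache:10m;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
}
"""
WEAK = re.compile(r"RC4|DES|MD5|NULL|EXP")  # assumed markers of weak suites

def directives(conf):
    """Map directive -> flat argument list (simplified: no quoted strings)."""
    out = {}
    for stmt in re.split(r"[;{}]", re.sub(r"#[^\n]*", "", conf)):
        parts = stmt.split()
        if parts:
            out.setdefault(parts[0], []).extend(parts[1:])
    return out

def audit(conf):
    """Return one finding per setting from the issue that is missing or weak."""
    d, findings = directives(conf), []
    if "ssl_dhparam" not in d:
        findings.append("ssl_dhparam not set")
    protos = d.get("ssl_protocols", [])
    if not protos:
        findings.append("ssl_protocols not set explicitly")
    elif {"SSLv2", "SSLv3", "TLSv1"} & set(protos):
        findings.append("ssl_protocols allows TLS 1.0 or older")
    if not any(a.startswith("shared:") for a in d.get("ssl_session_cache", [])):
        findings.append("no shared ssl_session_cache")
    suites = [s for a in d.get("ssl_ciphers", []) for s in a.split(":")]
    # Entries prefixed with ! or - remove suites, so they are not findings.
    weak = [s for s in suites if s[:1] not in "!-" and WEAK.search(s)]
    if weak:
        findings.append("weak suite in ssl_ciphers: " + ", ".join(weak))
    return findings
```

`audit(SAMPLE_BEFORE)` reports all four problems; `audit(SAMPLE_AFTER)` returns an empty list.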
