Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # before than please generate a 2048 bit DHPARAM: openssl dhparam -out /etc/nginx/dhparam.pem 2048
- #
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_prefer_server_ciphers on;
- ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA512:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:ECDH+AESGCM:ECDH+AES256:DH+AESGCM:DH+AES256:RSA+AESGCM:!aNULL:!eNULL:!LOW:!RC4:3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
- ssl_session_cache shared:TLS:20m;
- ssl_session_cache shared:SSL:20m;
- ssl_session_cache shared:ssl_session_cache:20m;
- ssl_session_timeout 180m;
- # OCSP stapling
- ssl_stapling on;
- ssl_stapling_verify on;
- ssl_dhparam /etc/nginx/dhparam.pem;
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
