Correction : etc/nginx/conf.d/ssl-pfs.conf
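# DOC: http://wiki.nginx.org/HttpSslModule
# DOC: https://wiki.mozilla.org/Security/Server_Side_TLS
# DOC: https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
# DOC: https://www.openssl.org/docs/apps/ciphers.html
#
# Shared TLS settings for the HTTPS server blocks that include this file.
# Goal: prefer cipher suites that provide (perfect) forward secrecy and
# refuse the weak primitives named by the "!" exclusions in ssl_ciphers.

keepalive_timeout 70;

# Only TLS clients reach these server blocks, so HSTS is safe to emit here.
# NOTE: nginx inherits add_header only when the including context declares
# no add_header of its own -- a server/location block with its own
# add_header silently drops both headers below; repeat them there if needed.
add_header Strict-Transport-Security "max-age=31536000";
add_header X-Frame-Options SAMEORIGIN;

# "ssl on" is deprecated since nginx 1.15.0 in favour of "listen ... ssl;".
# Kept so existing server blocks keep working until their listen lines carry
# the ssl parameter, at which point this line should be removed.
ssl on;

# NOTE: OpenSSL silently ignores unknown suite names, so every entry must be
# a real one: AES128-GCM pairs with SHA256, AES256-GCM with SHA384, and there
# is no "SHA128". The previous list used mangled names (e.g.
# ECDHE-RSA-AES128-GCM-SHA384, AES128-SHA128) that never matched, so the
# intended PFS-first ordering was not applied and the effective list fell
# back to "HIGH" order. It also listed 3DES suites that "!3DES" then removed.
# Order: ECDHE-GCM, DHE-GCM, ECDHE-CBC, DHE-CBC, non-PFS RSA fallbacks,
# then HIGH minus the exclusions.
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4;
# NOTE: prioritizes algorithms that provide Perfect Forward Secrecy.
# The DHE suites above need these parameters; without a dhparam file nginx
# falls back to a much smaller default group.
ssl_dhparam /etc/nginx/dhparam.4096.pem;
# Enforce the server-side ordering above rather than the client's preference.
ssl_prefer_server_ciphers on;

# TLSv1 and TLSv1.1 dropped: both are formally deprecated (RFC 8996) and
# offer no forward-secret suite that TLSv1.2 lacks. TLSv1.3 is not listed
# because it requires nginx >= 1.13.0 built against OpenSSL >= 1.1.1 and
# fails the config check on older builds -- add it once that is verified.
ssl_protocols TLSv1.2;

# Server-side session cache shared across workers (nginx documents roughly
# 4000 sessions per MB); sessions expire after 10 minutes.
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;

# Session tickets (RFC 5077) are encrypted with a key nginx generates itself
# and, as far as I can tell, only replaces on reload; a long-lived ticket key
# weakens forward secrecy for resumed sessions. Enable this once the nginx
# version is confirmed to be >= 1.5.9 (older builds reject the directive).
#ssl_session_tickets off;

# OCSP stapling; needs a "resolver" and the issuer chain available to nginx.
#ssl_stapling on;
#ssl_stapling_verify on;

# vim: ft=sh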