summaryrefslogtreecommitdiffstats
path: root/roles/common-web/files/etc/nginx/ssl/config
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2015-05-26 00:55:19 +0200
committerGuilhem Moulin <guilhem@fripost.org>2015-06-07 02:53:52 +0200
commit64e8603cf9790aa4419d0f2746671bd242e6344d (patch)
treea54c623bbe44f52c583bacf80848d3b9d4467abe /roles/common-web/files/etc/nginx/ssl/config
parent6b424a8f4155dea449b1dde746eae77bded63f7c (diff)
logjam mitigation.
Diffstat (limited to 'roles/common-web/files/etc/nginx/ssl/config')
-rw-r--r--roles/common-web/files/etc/nginx/ssl/config1
1 files changed, 1 insertions, 0 deletions
diff --git a/roles/common-web/files/etc/nginx/ssl/config b/roles/common-web/files/etc/nginx/ssl/config
index 7deef29..26a64f4 100644
--- a/roles/common-web/files/etc/nginx/ssl/config
+++ b/roles/common-web/files/etc/nginx/ssl/config
@@ -12,6 +12,7 @@ ssl_session_cache shared:SSL:5m;
# other weaknesses.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!SSLv2:!aNULL:!eNULL:!3DES:!MD5:@STRENGTH;
+ssl_dhparam /etc/ssl/private/dhparams.pem;
ssl_prefer_server_ciphers on;
# Strict Transport Security header for enhanced security. See