summaryrefslogtreecommitdiffstats
path: root/roles/common-web/files/etc/nginx
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2016-05-18 17:55:40 +0200
committerGuilhem Moulin <guilhem@fripost.org>2016-05-18 17:55:44 +0200
commitcda53ea254de51eb46cb0f53f7d33b9a0f794bfc (patch)
treee23452acbeb0f233a323ebac0abdc9c8d3dd9d1d /roles/common-web/files/etc/nginx
parent5425ed1ffa2953abdfdc819841665260dd38701d (diff)
Move /etc/ssl/private/dhparams.pem to /etc/ssl/dhparams.pem and make it public.
Ideally we we should also increase the Diffie-Hellman group size from 2048-bit to 3072-bit, as per ENISA 2014 report. https://www.enisa.europa.eu/publications/algorithms-key-size-and-parameters-report-2014 But we postpone that for now until we are reasonably certain that older client won't be left out.
Diffstat (limited to 'roles/common-web/files/etc/nginx')
-rw-r--r--roles/common-web/files/etc/nginx/snippets/ssl.conf2
1 files changed, 1 insertions, 1 deletions
diff --git a/roles/common-web/files/etc/nginx/snippets/ssl.conf b/roles/common-web/files/etc/nginx/snippets/ssl.conf
index 1d40ce6..4af4d53 100644
--- a/roles/common-web/files/etc/nginx/snippets/ssl.conf
+++ b/roles/common-web/files/etc/nginx/snippets/ssl.conf
@@ -11,7 +11,7 @@ ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
-ssl_dhparam /etc/ssl/private/dhparams.pem;
+ssl_dhparam /etc/ssl/dhparams.pem;
# intermediate configuration. tweak to your needs.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;