diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2015-05-26 00:55:19 +0200 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2015-06-07 02:53:52 +0200 |
| commit | 64e8603cf9790aa4419d0f2746671bd242e6344d (patch) | |
| tree | a54c623bbe44f52c583bacf80848d3b9d4467abe /roles/common-web | |
| parent | 6b424a8f4155dea449b1dde746eae77bded63f7c (diff) | |
logjam mitigation.
Diffstat (limited to 'roles/common-web')
| -rw-r--r-- | roles/common-web/files/etc/nginx/ssl/config | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/roles/common-web/files/etc/nginx/ssl/config b/roles/common-web/files/etc/nginx/ssl/config index 7deef29..26a64f4 100644 --- a/roles/common-web/files/etc/nginx/ssl/config +++ b/roles/common-web/files/etc/nginx/ssl/config @@ -12,6 +12,7 @@ ssl_session_cache shared:SSL:5m; # other weaknesses. ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!SSLv2:!aNULL:!eNULL:!3DES:!MD5:@STRENGTH; +ssl_dhparam /etc/ssl/private/dhparams.pem; ssl_prefer_server_ciphers on; # Strict Transport Security header for enhanced security. See |