summaryrefslogtreecommitdiffstats
path: root/roles
diff options
context:
space:
mode:
Diffstat (limited to 'roles')
-rw-r--r--roles/common-web/files/etc/nginx/ssl/config4
1 files changed, 2 insertions, 2 deletions
diff --git a/roles/common-web/files/etc/nginx/ssl/config b/roles/common-web/files/etc/nginx/ssl/config
index 863961b..6f0546b 100644
--- a/roles/common-web/files/etc/nginx/ssl/config
+++ b/roles/common-web/files/etc/nginx/ssl/config
@@ -10,10 +10,10 @@ ssl_session_cache shared:SSL:5m;
# The alternative would be to reject BEAST-vulnerable ciphers from TLSv1
# in favor of RC4, but that's not satisfactory either since RC4 has
# other weaknesses.
-ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!SSLv2:!aNULL:!eNULL:!3DES:!MD5:@STRENGTH;
ssl_prefer_server_ciphers on;
# Strict Transport Security header for enhanced security. See
# http://www.chromium.org/sts.
-add_header Strict-Transport-Security "max-age=12960000";
+add_header Strict-Transport-Security "max-age=15552000";