From 64e8603cf9790aa4419d0f2746671bd242e6344d Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Tue, 26 May 2015 00:55:19 +0200 Subject: logjam mitigation. --- roles/common-web/files/etc/nginx/ssl/config | 1 + 1 file changed, 1 insertion(+) (limited to 'roles/common-web/files/etc') diff --git a/roles/common-web/files/etc/nginx/ssl/config b/roles/common-web/files/etc/nginx/ssl/config index 7deef29..26a64f4 100644 --- a/roles/common-web/files/etc/nginx/ssl/config +++ b/roles/common-web/files/etc/nginx/ssl/config @@ -12,6 +12,7 @@ ssl_session_cache shared:SSL:5m; # other weaknesses. ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!SSLv2:!aNULL:!eNULL:!3DES:!MD5:@STRENGTH; +ssl_dhparam /etc/ssl/private/dhparams.pem; ssl_prefer_server_ciphers on; # Strict Transport Security header for enhanced security. See -- cgit v1.2.3