From d6b03b72e8081c983822502e436ec548aa36901e Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Wed, 25 Jun 2014 02:43:06 +0200 Subject: wibble --- roles/common-web/files/etc/nginx/ssl/config | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'roles/common-web/files') diff --git a/roles/common-web/files/etc/nginx/ssl/config b/roles/common-web/files/etc/nginx/ssl/config index 6f0546b..7deef29 100644 --- a/roles/common-web/files/etc/nginx/ssl/config +++ b/roles/common-web/files/etc/nginx/ssl/config @@ -1,18 +1,18 @@ ssl on; # See http://nginx.org/en/docs/http/configuring_https_servers.html#optimization -keepalive_timeout 75 75; -ssl_session_timeout 5m; -ssl_session_cache shared:SSL:5m; +keepalive_timeout 75 75; +ssl_session_timeout 5m; +ssl_session_cache shared:SSL:5m; # XXX: Ideally we want to get rid of TLSv1, to be immune to the BEAST # attack. Sadly as of 2013 many clients don't support TLSv1.2, though. # The alternative would be to reject BEAST-vulnerable ciphers from TLSv1 # in favor of RC4, but that's not satisfactory either since RC4 has # other weaknesses. -ssl_protocols TLSv1 TLSv1.1 TLSv1.2; -ssl_ciphers HIGH:!SSLv2:!aNULL:!eNULL:!3DES:!MD5:@STRENGTH; -ssl_prefer_server_ciphers on; +ssl_protocols TLSv1 TLSv1.1 TLSv1.2; +ssl_ciphers HIGH:!SSLv2:!aNULL:!eNULL:!3DES:!MD5:@STRENGTH; +ssl_prefer_server_ciphers on; # Strict Transport Security header for enhanced security. See # http://www.chromium.org/sts. -- cgit v1.2.3