22 lines
840 B
Plaintext
22 lines
840 B
Plaintext
ssl_dhparam /etc/nginx/dhparam.pem;
|
|
ssl_protocols TLSv1.2 TLSv1.3; # Score=100
|
|
|
|
# ssl ciphers list
|
|
ssl_ciphers 'kEECDH+ECDSA+AES128 kEECDH+ECDSA+AES256 kEECDH+AES128 kEECDH+AES256 kEDH+AES128 kEDH+AES256 +SHA !aNULL !eNULL !LOW !kECDH !DSS !MD5 !RC4 !EXP !PSK !SRP !CAMELLIA !SEED'; # Score=90 (recommended because more compatible)
|
|
# ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL; # Score=100
|
|
|
|
# to ensure that the best possible cipher is always included over the weaker ones, chosen from the above order
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
|
|
# OCSP stapling
|
|
ssl_stapling on; # allow Nginx to send OCSP results during the connection process
|
|
ssl_stapling_verify on;
|
|
resolver 80.67.169.12 80.67.169.40 valid=300s;
|
|
resolver_timeout 10s;
|
|
|
|
# Speeds things up a little bit when resuming a session
|
|
ssl_session_timeout 5m;
|
|
ssl_session_cache shared:SSL:5m;
|
|
|