diff options
author | Thomas Willingham <beardyunixer@beardyunixer.com> | 2014-10-16 01:57:04 +0100 |
---|---|---|
committer | Thomas Willingham <beardyunixer@beardyunixer.com> | 2014-10-16 01:57:04 +0100 |
commit | 11ad127c68216734c406c393a361f2231e3a5a15 (patch) | |
tree | a066dc6c34a6db1b29a33be8a16e6ea298721ff7 | |
parent | 1eb478ba54206cca53653e7a579aa1a36fb03315 (diff) | |
download | volse-hubzilla-11ad127c68216734c406c393a361f2231e3a5a15.tar.gz volse-hubzilla-11ad127c68216734c406c393a361f2231e3a5a15.tar.bz2 volse-hubzilla-11ad127c68216734c406c393a361f2231e3a5a15.zip |
Let's not play security expert. Use Mozillas recommended server
config, even if it's ridiculously verbose. Reasoning - they make
the browser, so if they've got it wrong, you're buggered anyway.
-rw-r--r-- | doc/install/sample-nginx.conf | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/doc/install/sample-nginx.conf b/doc/install/sample-nginx.conf index dd3b63d3b..f533d8ee0 100644 --- a/doc/install/sample-nginx.conf +++ b/doc/install/sample-nginx.conf @@ -56,7 +56,7 @@ server { ssl_certificate_key /etc/nginx/ssl/example.net.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP; + ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA; ssl_prefer_server_ciphers on; fastcgi_param HTTPS on; |