Nginx – SSL A+

To enhance cryptography, you must use the Diffie-Hellman parameter file with a length of at least 4096 bits.

Let’s create a file like this:

openssl dhparam -out /etc/nginx/ssl-dhparams.pem 4096

Will be added to the Nginx config file:

    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:TLS:2m;
    ssl_session_timeout 2m;
    ssl_buffer_size 4k;
    ssl_dhparam /etc/nginx/ssl-dhparams.pem;
    ssl_protocols TLSv1.3 TLSv1.2;
    ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;

    add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains';

You can use the following service to check: ssllabs.com

0 0 vote
Article Rating

Tagged: Tags

Подписаться
Уведомление о
guest
0 Comments
Inline Feedbacks
View all comments