guix-commits
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

02/02: nginx: mirror: Strengthen TLS support.


From: Ludovic Courtès
Subject: 02/02: nginx: mirror: Strengthen TLS support.
Date: Mon, 14 Mar 2016 15:00:37 +0000

civodul pushed a commit to branch master
in repository maintenance.

commit 78c74cf16f9f559c09f5b56e2fdea80d6eec808a
Author: Ludovic Courtès <address@hidden>
Date:   Mon Mar 14 15:57:19 2016 +0100

    nginx: mirror: Strengthen TLS support.
---
 hydra/nginx/mirror.conf |   11 +++++++++++
 1 files changed, 11 insertions(+), 0 deletions(-)

diff --git a/hydra/nginx/mirror.conf b/hydra/nginx/mirror.conf
index eca26bc..b5d7abf 100644
--- a/hydra/nginx/mirror.conf
+++ b/hydra/nginx/mirror.conf
@@ -72,6 +72,17 @@ http {
        server_name         hydra.gnunet.org;
        keepalive_timeout   70;
 
+       # Make sure SSL is disabled.
+       ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
+
+       # Disable weak cipher suites.
+       ssl_ciphers         HIGH:!aNULL:!MD5;
+
+       # Use our own DH parameters created with:
+       #    openssl dhparam -out dhparams.pem 2048
+       # as suggested at <https://weakdh.org/sysadmin.html>.
+       ssl_dhparam         /etc/dhparams.pem;
+
        access_log  /var/log/nginx/hydra.https.access.log;
 
        ssl_certificate     /etc/letsencrypt/live/hydra.gnunet.org/cert.pem;



reply via email to

[Prev in Thread] Current Thread [Next in Thread]