02/02: nginx: mirror: Strengthen TLS support.
From: |
Ludovic Courtès |
Subject: |
02/02: nginx: mirror: Strengthen TLS support. |
Date: |
Mon, 14 Mar 2016 15:00:37 +0000 |
civodul pushed a commit to branch master
in repository maintenance.
commit 78c74cf16f9f559c09f5b56e2fdea80d6eec808a
Author: Ludovic Courtès <address@hidden>
Date: Mon Mar 14 15:57:19 2016 +0100
nginx: mirror: Strengthen TLS support.
---
hydra/nginx/mirror.conf | 11 +++++++++++
1 files changed, 11 insertions(+), 0 deletions(-)
diff --git a/hydra/nginx/mirror.conf b/hydra/nginx/mirror.conf
index eca26bc..b5d7abf 100644
--- a/hydra/nginx/mirror.conf
+++ b/hydra/nginx/mirror.conf
@@ -72,6 +72,17 @@ http {
server_name hydra.gnunet.org;
keepalive_timeout 70;
+ # Make sure SSL is disabled.
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+
+ # Disable weak cipher suites.
+ ssl_ciphers HIGH:!aNULL:!MD5;
+
+ # Use our own DH parameters created with:
+ # openssl dhparam -out dhparams.pem 2048
+ # as suggested at <https://weakdh.org/sysadmin.html>.
+ ssl_dhparam /etc/dhparams.pem;
+
access_log /var/log/nginx/hydra.https.access.log;
ssl_certificate /etc/letsencrypt/live/hydra.gnunet.org/cert.pem;
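Review bot: The `ssl_ciphers HIGH:!aNULL:!MD5;` line under "Disable weak cipher suites" is the same string nginx uses as its built-in default, so it pins the setting but removes nothing that was previously offered; depending on the OpenSSL build, `HIGH` can still include 3DES and non-forward-secret RSA key exchange. The added lines also lack `ssl_prefer_server_ciphers on;`, so the client's preference order decides which suite is negotiated, including whether the new DH parameters are used at all. I would add `ssl_prefer_server_ciphers on;` and tighten the list, for example `ssl_ciphers HIGH:!aNULL:!MD5:!3DES;`, and reword the first comment to `# Allow TLS only; SSLv3 and older stay disabled.` since `ssl_protocols` is an allow-list. The `server` block starts and ends outside this hunk, so a directive set elsewhere in it would not be visible here.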