@@ -1,6 +1,3 @@
-#
-# HTTPS server configuration
-#
#server {
# listen 443;
@@ -10,15 +7,31 @@
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
-# ssl_session_timeout 5m;
+# Don't use outdated SSLv3 protocol. Protects against BEAST and POODLE attacks.
+# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-# ssl_protocols SSLv2 SSLv3 TLSv1;
-# ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
-# ssl_prefer_server_ciphers on;
+# Use secure ciphers - courtesy Cloudflare
+# ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
+# ssl_prefer_server_ciphers on;
+
+# ssl_session_cache shared:SSL:20m;
+# ssl_session_tickets on;
+# ssl_session_timeout 30m;
+
+# HSTS - Use HTTPS exclusively , uncomment one.
+# add_header Strict-Transport-Security "max-age=15768000; includeSubdomains";
+
+# create new one with: openssl dhparam -out dhparams.pem 2048
+# ssl_dhparam /etc/nginx/ssl/dhparams_2048.pem;
+
+# ssl_buffer_size 4k;
+
+# if you want extra security at the cost of considerable pressure on processor ..
+# ssl_ecdh_curve secp384r1;
# location / {
-# root html;
-# index index.html index.htm;
-# }
+# root html;
+# index index.html index.htm;
+# }
#}
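Review bot: The comment above the new `ssl_protocols` line claims protection against BEAST, but BEAST targets CBC suites in TLS 1.0, which the line still enables; dropping SSLv3 only addresses POODLE. TLS 1.0 and 1.1 have since been deprecated (RFC 8996), so `# ssl_protocols TLSv1.2;` (adding `TLSv1.3` where the nginx/OpenSSL build supports it), with a comment naming only POODLE, would be accurate. The cipher string keeps `EECDH+3DES:RSA+3DES`, which is exposed to Sweet32, and the `RSA+...` entries provide no forward secrecy, so both groups are worth dropping. The `ssl_dhparam` line appears to have no effect with this list because it contains no DHE suites, and the suggested command writes `dhparams.pem` while the directive points at `dhparams_2048.pem`. The HSTS comment says "uncomment one" although only one `add_header` line is offered, and without the `always` parameter the header is not sent on error responses.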