YunoHost / packages_old

[not used anymore] YunoHost Debian package sources
http://yunohost.org

Nginx cypher filter #7

Open Kloadut opened 10 years ago

Kloadut commented 10 years ago

Add cypher list to nginx template, kinda like this:

```
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DES-CBC3-SHA:!ADH:!aNULL;
ssl_prefer_server_ciphers on;
```

To be tested
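A static check of the directives proposed in the comment above, as an added example that is not part of the thread or of YunoHost's code. The policy tables and function names are assumptions made for illustration, and only explicit OpenSSL suite names are analysed.

```python
import re

# Constructed sample: the three directives proposed in the comment above.
SAMPLE = """
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DES-CBC3-SHA:!ADH:!aNULL;
ssl_prefer_server_ciphers on;
"""

# Assumed review policy (not taken from the thread).
OLD_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1 deprecated by RFC 8996
WEAK_MARKERS = {"DES-CBC3": "3DES (64-bit block)", "RC4": "RC4", "MD5": "MD5 MAC",
                "NULL": "no encryption", "EXP": "export-grade"}
FS_PREFIXES = ("ECDHE-", "DHE-")   # ephemeral key exchange gives forward secrecy
AEAD_MARKERS = ("GCM", "CHACHA20")


def directive(conf, name):
    """Return the argument string of a single-line nginx directive, or None."""
    m = re.search(r"^\s*%s\s+([^;]+);" % re.escape(name), conf, re.M)
    return m.group(1).strip() if m else None


def audit(conf):
    """Return (kind, item, reason) findings for the TLS directives in conf."""
    findings = []
    for proto in (directive(conf, "ssl_protocols") or "").split():
        if proto in OLD_PROTOCOLS:
            findings.append(("protocol", proto, "deprecated protocol version"))
    enabled = []
    for entry in (directive(conf, "ssl_ciphers") or "").split(":"):
        if not entry or entry[0] in "!-+@":
            continue  # exclusions and ordering operators enable nothing
        if "-" not in entry or "+" in entry:
            # Keyword selectors (HIGH, EECDH+AESGCM) need `openssl ciphers -v` to expand.
            findings.append(("cipher", entry, "keyword selector, not expanded here"))
            continue
        enabled.append(entry)
        for marker, why in WEAK_MARKERS.items():
            if marker in entry:
                findings.append(("cipher", entry, why))
        if not entry.startswith(FS_PREFIXES):
            findings.append(("cipher", entry, "no forward secrecy"))
    if enabled and not any(m in s for s in enabled for m in AEAD_MARKERS):
        findings.append(("cipher", "*", "no AEAD (GCM/ChaCha20) suite enabled"))
    if directive(conf, "ssl_prefer_server_ciphers") != "on":
        findings.append(("option", "ssl_prefer_server_ciphers", "client cipher order wins"))
    return findings
```

Calling `audit(SAMPLE)` reports the two old protocol versions, `DES-CBC3-SHA` (3DES and no forward secrecy), and the absence of any AEAD suite.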

alexjj commented 9 years ago

This gist gives a nice set of ciphers, plus potentially other nginx SSL extras

mbugeia commented 9 years ago

Here is the configuration I use with yunohost: https://gist.github.com/mbugeia/0252eba19225bf10269e

The cipher list is from intermediate compatibility of https://wiki.mozilla.org/Security/Server_Side_TLS

Tested with https://www.ssllabs.com/ssltest/

With a valid certificate (startssl) and sha2 intermediate certificate: [screenshot: Qualys SSL Labs server test, 2015-01-19]

With yunohost self-signed certificate: [screenshot: Qualys SSL Labs server test, 2015-01-19]

Client compatibility: [screenshot: Qualys SSL Labs server test, 2015-01-19]

Protocol details: [screenshot: Qualys SSL Labs server test, 2015-01-19]