bhpayne
commented
4 years ago ran
$ date; time openssl dhparam -out dhparam.pem 2048; datewhich took less than 1 minutes and added dhparam.pem to nginx
Open bhpayne opened 4 years ago
bhpayne
commented
4 years ago ran
$ date; time openssl dhparam -out dhparam.pem 2048; datewhich took less than 1 minutes and added dhparam.pem to nginx
bhpayne
commented
4 years ago Good context: https://www.keycdn.com/blog/perfect-forward-secrecy
bhpayne
commented
4 years ago for guidance, see "2.3 Use Secure Cipher Suites" in https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices
example configs for nginx:
https://www.ssllabs.com/ssltest/analyze.html?d=derivationmap.net
as of 20200513 the site gets a "B" rating.
See https://blog.miguelgrinberg.com/post/running-your-flask-application-over-https for guidance.