Open bhpayne opened 4 years ago
ran
$ date; time openssl dhparam -out dhparam.pem 2048; date
which took less than 1 minutes and added dhparam.pem
to nginx
Good context: https://www.keycdn.com/blog/perfect-forward-secrecy
for guidance, see "2.3 Use Secure Cipher Suites" in https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices
example configs for nginx:
https://www.ssllabs.com/ssltest/analyze.html?d=derivationmap.net
as of 20200513 the site gets a "B" rating.
See https://blog.miguelgrinberg.com/post/running-your-flask-application-over-https for guidance.