@jgmize Here's a starting point for a modern config. I used the generator here (https://mozilla.github.io/server-side-tls/ssl-config-generator/). It seems there is some missing information that will likely need to be populated before this is ready to land...
1.) Need to generate a dhparam.pem and set the path with ssl_dhparam (stub provided in this PR and reference here (https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html#Forward_Secrecy_&_Diffie_Hellman_Ephemeral_Parameters))
2.) Need to obtain the location of the root CA and intermediate certs and set the path (stub provided in this PR)
3.) Need to set the DNS resolver (I'm not sure what would be preferred in this context)
Hope this helps as a bootstrap for getting "MODERN" with SSL/TLS.
Another good reference: https://wiki.mozilla.org/Security/Server_Side_TLS
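An added example, not part of the PR or the commenter's config: a shell check that reports which of the three items listed above are still unset in an nginx config before it lands. It assumes the CA chain is set with `ssl_trusted_certificate` and that unfilled stubs are either commented out or carry an angle-bracket placeholder; the sample config and its paths are constructed.

```shell
#!/bin/sh
# Report which of the three still-to-fill directives have no active value.

missing_tls_directives() {
    conf=$1
    for d in ssl_dhparam ssl_trusted_certificate resolver; do
        # An active directive is: optional indent, the exact name, whitespace,
        # an argument that does not start with '<' (assumed stub marker), ';'.
        # Commented-out lines and names such as resolver_timeout do not match.
        if ! grep -Eq "^[[:space:]]*${d}[[:space:]]+[^;<[:space:]][^;]*;" "$conf"; then
            printf '%s\n' "$d"
        fi
    done
}

# Constructed sample config (not the PR's file); every path is a placeholder.
write_sample_conf() {
    cat > "$1" <<'EOF'
server {
    listen 443 ssl;
    ssl_certificate     /path/to/signed_cert_plus_intermediates;
    ssl_certificate_key /path/to/private_key;
    # ssl_dhparam /path/to/dhparam.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
    resolver <IP DNS resolver>;
    resolver_timeout 5s;
}
EOF
}

# Stand-alone use: pass the config file to check as the first argument.
if [ "$#" -gt 0 ]; then
    missing_tls_directives "$1"
fi
```

Run it against the config file in the PR; an empty result means all three directives have a value.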