@VirtuBox
Last active June 7, 2017 15:46

Configure Diffie-Hellman (DH) key exchange parameters

    mkdir -p /etc/nginx/ssl
    cd /etc/nginx/ssl
    # Options must come before the key size, otherwise -out is not applied.
    openssl dhparam -out dhparam.pem 4096

Create a modern-ssl.conf file for Nginx (the include line at the end expects it at /etc/nginx/common/modern-ssl.conf)

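    # modern configuration. tweak to your needs.
    # The cipher list below is ECDHE-only. dhparam.pem is used only if an
    # ssl_dhparam directive points at it and a DHE cipher is enabled; this file sets neither.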
    ssl_protocols TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    ssl_prefer_server_ciphers on;

    # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
    add_header Strict-Transport-Security max-age=15768000;

    # Extra security headers
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";

Include your configuration in Nginx by adding this to your vhost conf:

    include /etc/nginx/common/modern-ssl.conf;
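
Nginx inherits `add_header` directives from the enclosing level only when the current block defines none of its own, so a `location` with a single `add_header` stops sending the HSTS and other headers from the included file. The check below is an added example, not part of the original gist; the function names and the sample vhost are constructed for illustration, and it assumes braces appear only as block delimiters.

```shell
#!/bin/sh
# Added example (not from the gist). Reports nested blocks whose own add_header
# discards the headers pulled in by "include .../modern-ssl.conf;".
find_header_shadowing() {
    awk '
    BEGIN { cur = 0 }                      # block 0 = top level of the file
    { sub(/#.*/, "") }                     # ignore comments
    /[{]/ { n++; parent[n] = cur; first[n] = NR; cur = n }
    /include[ \t].*modern-ssl\.conf/ { inc[cur] = 1 }
    /add_header[ \t]/ {
        own[cur] = 1
        if ($0 ~ /Strict-Transport-Security/) sts[cur] = 1
    }
    /[}]/ { cur = parent[cur] }
    END {
        for (i = 1; i <= n; i++) {
            # Only blocks that set headers themselves, without HSTS or the include.
            if (!own[i] || sts[i] || inc[i]) continue
            # Walk up the enclosing blocks looking for the include.
            for (p = parent[i]; ; p = parent[p]) {
                if (inc[p]) {
                    print "line " first[i] ": add_header here drops the included security headers"
                    break
                }
                if (p == 0) break
            }
        }
    }' "$1"
}

# Constructed sample vhost (hypothetical server name and paths).
demo_vhost() {
    cat <<'EOF'
server {
    listen 443 ssl;
    server_name example.test;
    include /etc/nginx/common/modern-ssl.conf;

    location / {
        root /var/www/html;
    }
    location /static/ {
        add_header Cache-Control "public, max-age=3600";
    }
}
EOF
}

tmp=$(mktemp) && demo_vhost > "$tmp" && find_header_shadowing "$tmp"; rm -f "$tmp"
```

Repeating the `include` line inside the flagged block restores the headers there.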