Skip to content

Instantly share code, notes, and snippets.

@cloudrck

cloudrck/nginx_ssl.conf

Created March 5, 2015 01:32
Show Gist options
  • Save cloudrck/bdd33cc8385f8300826b to your computer and use it in GitHub Desktop.
Save cloudrck/bdd33cc8385f8300826b to your computer and use it in GitHub Desktop.
Download ZIP
Suggested TLS Config for Nginx
Raw
nginx_ssl.conf
# Turn on SSL
ssl on;
ssl_certificate /etc/nginx/certs/my_example_com.pem;
ssl_certificate_key /etc/nginx/certs/my.example.com.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 3m;
# Protect against BEAST, POODLE, FREAK TLS attacks
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
ssl_prefer_server_ciphers on;
# config to enable HSTS(HTTP Strict Transport Security)
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment