Created
January 26, 2017 23:07
-
-
Save petebytes/460aa785ce22b0df4e1f413012540e7a to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## | |
| # SSL Settings | |
| ## | |
| ssl_session_cache shared:SSL:20m; | |
| ssl_session_timeout 10m; | |
| ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS'; | |
| ssl_prefer_server_ciphers on; | |
| ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
| ssl_dhparam /etc/ssl/certs/dhparam.pem; | |
| ssl_stapling on; | |
| ssl_stapling_verify on; | |
| resolver 208.67.222.222 208.67.220.220 valid=300s; | |
| resolver_timeout 5s; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment