ties · May 14, 2014 15:04
diff --git a/ssl_nginx.conf b/ssl_nginx.conf
 listen [::]:443 ipv6only=on ssl default_server;

 ssl_session_cache shared:SSL:10m;

 ssl                  on;
 ssl_certificate          <unified certificate chain>;
 ssl_certificate_key      <private key>;
 ssl_dhparam		 <dh param>;

 ssl_session_timeout  5m;

 ssl_protocols SSLv3 TLSv1.2 TLSv1.1 TLSv1;
 ssl_ciphers  EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4;
 ssl_prefer_server_ciphers   on;
 # staple
 ssl_stapling on;

 add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
	listen [::]:443 ipv6only=on ssl default_server;

	ssl_session_cache shared:SSL:10m;

	ssl on;
	ssl_certificate <unified certificate chain>;
	ssl_certificate_key <private key>;
	ssl_dhparam <dh param>;

	ssl_session_timeout 5m;

	ssl_protocols SSLv3 TLSv1.2 TLSv1.1 TLSv1;
	ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4;
	ssl_prefer_server_ciphers on;
	# staple
	ssl_stapling on;

	add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";