summaryrefslogtreecommitdiff
path: root/roles/nginx/files/snippets/ssl.conf
blob: d187a7c07429e166942e9b9ae48ee140eb220c00 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AES:!ADH:!AECDH:!MD5;
ssl_prefer_server_ciphers on;

# openssl dhparam -out /etc/ssl/certs/dhparams.pem 2048
ssl_dhparam /etc/ssl/dhparams.pem;

ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_session_tickets off;