ssl_conf


1
2
3
4
5
6
7
8

ssl_prefer_server_ciphers On;
# SSLv3 is deprecated
#ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
add_header Strict-Transport-Security max-age=15768000;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 10m;