diff options
Diffstat (limited to 'playbooks.d/webserver-nginx/share/snippets.d/ssl.conf')
-rw-r--r-- | playbooks.d/webserver-nginx/share/snippets.d/ssl.conf | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/playbooks.d/webserver-nginx/share/snippets.d/ssl.conf b/playbooks.d/webserver-nginx/share/snippets.d/ssl.conf new file mode 100644 index 0000000..68bcdf0 --- /dev/null +++ b/playbooks.d/webserver-nginx/share/snippets.d/ssl.conf @@ -0,0 +1,16 @@ +# SSL settings +ssl_protocols TLSv1.3 TLSv1.2; + +ssl_buffer_size 4K; +ssl_dhparam /etc/nginx/dhparam.pem; +ssl_ecdh_curve secp521r1:secp384r1; +ssl_prefer_server_ciphers on; +ssl_session_cache shared:le_nginx_SSL:2m; +ssl_session_tickets off; +ssl_session_timeout 1440m; + +# Ciphers +ssl_ciphers 'EECDH+AESGCM:EECDH+AES256:!ECDHE-RSA-AES256-SHA384:!ECDHE-RSA-AES256-SHA'; + +# Additional headers +add_header Strict-Transport-Security "max-age=63072000" always; |