commit d4cab47e017b9f6ea39ebf16ffcebee5da2901e8
Author: Arkadiusz MiĆkiewicz <[email protected]>
Date: Mon Oct 20 17:49:18 2014 +0200
- but don't enable these by default since ssl is not enabled by default
nginx-standard.conf | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
---
diff --git a/nginx-standard.conf b/nginx-standard.conf
index 65ea70c..aa337bd 100644
--- a/nginx-standard.conf
+++ b/nginx-standard.conf
@@ -41,8 +41,12 @@ http {
# https://wiki.mozilla.org/Security/Server_Side_TLS
# perfect forward secrecy
- ssl_prefer_server_ciphers on;
- ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM
EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256
EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP
!DSS +RC4 RC4";
+ # ssl_prefer_server_ciphers on;
+ # ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM
EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256
EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP
!DSS +RC4 RC4";
+
+ # Session resumption (caching)
+ # ssl_session_cache shared:SSL:50m;
+ # ssl_session_timeout 5m;
# ssl_certificate /etc/nginx/server.crt;
# ssl_certificate_key /etc/nginx/server.key;
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/nginx.git/commitdiff/d4cab47e017b9f6ea39ebf16ffcebee5da2901e8
_______________________________________________
pld-cvs-commit mailing list
[email protected]
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
