Nginx https configuration on Ysul
Closed, Resolved, Public

Description

  • Provide an ssl_params file with sensible default values.
  • Generate a custom DH file.

Event Timeline

dereckson claimed this task.
dereckson triaged this task as Normal priority.
dereckson added a project: Servers.
dereckson added a subscriber: dereckson.

DH

$ cd /usr/local/etc/nginx/ssl/
$ openssl dhparam -out dhparam.pem 4096
Generating DH parameters, 4096 bit long safe prime, generator 2
This is going to take a long time

ssl_params

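# Enable HTTPS
listen              443 ssl;
listen              [2001:470:1f13:9e1:0:c0ff:ee:1]:443 ssl;
keepalive_timeout   70;

# Use the server's cipher preference order rather than the client's
ssl_prefer_server_ciphers on;
ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
# Custom DH parameters; the file name must match the one written by "openssl dhparam -out" above
ssl_dhparam         /usr/local/etc/nginx/ssl/dhparam.pem;
# Session cache shared between worker processes
ssl_session_cache   shared:SSL:10m;
ssl_session_timeout 10m;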
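
A small lint for an include like the ssl_params file above, added here as an example and not part of the task's own files: it checks that the file named by ssl_dhparam is present and readable, and lists any enabled protocol older than TLSv1.2. The function names and the script name are hypothetical, and it assumes unquoted, space-free directive values.

```shell
#!/bin/sh
# Added example (not from the task): lint an nginx SSL include file.

# Print the first argument of a directive, e.g. the path after ssl_dhparam.
directive_value() {  # $1 = directive name, $2 = config file
    awk -v d="$1" '$1 == d { v = $2; sub(/;.*$/, "", v); print v; exit }' "$2"
}

# Print each protocol on the ssl_protocols line that is older than TLSv1.2.
legacy_protocols() {  # $1 = config file
    awk '$1 == "ssl_protocols" {
        for (i = 2; i <= NF; i++) {
            p = $i; sub(/;.*$/, "", p)
            if (p == "SSLv2" || p == "SSLv3" || p == "TLSv1" || p == "TLSv1.1") print p
        }
    }' "$1"
}

# Return 0 when the include passes both checks, 1 otherwise.
# Findings are written to stdout, one per line.
check_ssl_params() {  # $1 = config file
    rc=0
    dh=$(directive_value ssl_dhparam "$1")
    if [ -z "$dh" ]; then
        echo "ssl_dhparam is not set"; rc=1
    elif [ ! -r "$dh" ]; then
        # nginx refuses to load a configuration whose DH file cannot be read
        echo "ssl_dhparam points to a missing file: $dh"; rc=1
    fi
    legacy=$(legacy_protocols "$1" | tr '\n' ' ')
    if [ -n "$legacy" ]; then
        echo "legacy protocols enabled: $legacy"; rc=1
    fi
    return $rc
}

# Usage: sh check_ssl_params.sh path/to/ssl_params
if [ $# -gt 0 ]; then check_ssl_params "$1"; fi
```

Running it before `nginx -t` catches a DH file name that differs from the one `openssl dhparam -out` wrote.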