# Values here are based on Mozilla's "Modern compatibility" configuration.
# https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
#
# NB: This configuration severely limits older browsers and configurations.
# Specifically, the following are the oldest supported versions:
#
#   * Firefox 27
#   * Chrome 30
#   * IE 11 on Windows 7
#   * Edge
#   * Opera 17
#   * Safari 9
#   * Android 5.0
#   * Java 8
#
# Older browsers or platforms won't be able to negotiate a connection.
#
# NOTE(review): the linked guideline is revised over time; compare this
# profile against the current version of that page before reusing it.

http {

    # --- Protocol and cipher policy -------------------------------------
    # Only TLS 1.2 is offered (TLS 1.3 is not enabled in this block).
    # Every suite in the list uses ECDHE key exchange. The GCM and
    # CHACHA20-POLY1305 suites come first; the last four entries
    # (…-SHA384 / …-SHA256 without GCM) are CBC-mode suites.
    # ssl_prefer_server_ciphers makes the server's ordering win over the
    # client's, so the order of this list is the negotiation preference.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256";

    # --- Session resumption ---------------------------------------------
    # Resumption is served from a 50 MB cache named "SSL" that is shared
    # between worker processes; a cached session may be reused for up to
    # one day. Session tickets are disabled, so resumption never depends
    # on a ticket-encryption key (which would need regular rotation to
    # keep forward secrecy).
    ssl_session_cache shared:SSL:50m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;

    # --- OCSP stapling --------------------------------------------------
    # The resolver is what nginx uses to look up the OCSP responder's
    # hostname. 8.8.8.8 is an external public resolver reached over plain
    # DNS; NOTE(review): a resolver on a trusted local network is the
    # safer choice against spoofed answers. Confirm this is intended.
    resolver 8.8.8.8;
    ssl_stapling on;
    # Verification of the stapled response needs the issuer chain to be
    # trusted via ssl_trusted_certificate, which is not set in this block.
    # NOTE(review): check that each server block provides it.
    ssl_stapling_verify on;

}