Index: modules/nginx/templates/nginx.conf.erb |
=================================================================== |
--- a/modules/nginx/templates/nginx.conf.erb |
+++ b/modules/nginx/templates/nginx.conf.erb |
@@ -34,19 +34,19 @@ http { |
<% if scope.lookupvar('nginx::params::gzip') == 'on' %> |
gzip on; |
gzip_disable "msie6"; |
gzip_min_length 100; |
gzip_buffers 4 8k; |
gzip_types text/plain text/xhtml text/css application/x-javascript text/xml application/atom+xml application/rss+xml; |
<% end %> |
- ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA256 EECDH+aRSA+RC4 EDH+aRSA EECDH RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; |
+ ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !aNULL !eNULL !LOW !MD5 !EXP !PSK !SRP !DSS !RC4 +3DES DES-CBC3-SHA"; |
Felix Dahlke
2014/04/26 22:19:47
After figuring out how this works, I think it'd be
Wladimir Palant
2014/04/27 20:35:34
You are right, I did that. I also decided to chang
|
ssl_prefer_server_ciphers on; |
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2; |
+ ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; |
<% if ssl_session_cache == 'on' %> |
ssl_session_cache shared:SSL:1m; |
<% else %> |
ssl_session_cache off; |
<% end %> |
types_hash_max_size 2048; |