nginx weak ciphers issue fix
# compile nginx with OpenSSL 1.1.1
# params: --with-openssl=/source/openssl-1.1.1g --with-stream --with-threads --with-file-aio --with-http_stub_status_module --with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2' --with-ld-opt=-Wl,-z,relro --sbin-path=/usr/local/sbin --with-http_ssl_module --user=www-data --group=www-data
# generate Diffie-Hellman parameters
openssl dhparam -out /etc/cert/dhparams.pem 4096
# add the following params to the vhost config
ssl_protocols TLSv1.2;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
ssl_dhparam /etc/cert/dhparams.pem;
# that's it
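
Added example (not part of the original gist): a Python check that expands the `ssl_ciphers` string above with the local OpenSSL and reports any selected suite that lacks forward secrecy or AEAD encryption, since class keywords such as `HIGH` select by strength rather than by key exchange. The function names are illustrative, and the result depends on the OpenSSL build Python is linked against, which may differ from the one nginx was compiled with.

```python
import ssl

# ssl_ciphers value from the vhost config above, copied verbatim.
GIST_CIPHERS = (
    "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 "
    "EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 "
    "EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
)
WEAK_MARKERS = ("RC4", "DES", "MD5", "NULL", "EXP")
AEAD_MARKERS = ("GCM", "CCM", "CHACHA20")


def expand(cipher_string):
    """Suite names the local OpenSSL selects for a TLS 1.2-only listener."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    # TLS 1.3 suites are configured separately and unused with TLSv1.2 only.
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def classify(name):
    """Return the list of concerns for one OpenSSL cipher-suite name."""
    issues = []
    if not name.startswith(("ECDHE-", "DHE-")):
        issues.append("no forward secrecy")
    if not any(tag in name for tag in AEAD_MARKERS):
        issues.append("not AEAD")
    if any(tag in name for tag in WEAK_MARKERS):
        issues.append("weak algorithm")
    return issues


def audit(cipher_string):
    """Map each selected suite that raises a concern to its concerns."""
    return {n: classify(n) for n in expand(cipher_string) if classify(n)}


if __name__ == "__main__":
    print(f"linked against {ssl.OPENSSL_VERSION}")
    for name, issues in audit(GIST_CIPHERS).items():
        print(f"{name:32} {', '.join(issues)}")
```

An empty report means every TLS 1.2 suite the string selects on this build uses ephemeral key exchange with an AEAD cipher.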