Skip to content

Instantly share code, notes, and snippets.

View FluffyPancakes's full-sized avatar
🐢
Just chillin’

Grant FluffyPancakes

🐢
Just chillin’
View GitHub Profile
@FluffyPancakes
FluffyPancakes / nginx-ssl.conf
Created June 24, 2016 21:09
Configuration to get an A+ on the Qualys SSL Labs test with fast performing and low overhead SSL ciphers. Works in combination with nginx 1.6.0 full and OpenSSL v1.0.1i.
# I've used the configuration below for all my nginx instances and gotten an A+ on the Qualys SSL Test
# (https://www.ssllabs.com/ssltest/index.html). It satisfies requirements for PCI Compliance and
# FIPS. Includes OCSP Stapling (http://en.wikipedia.org/wiki/OCSP_stapling) and HTTP Strict Transport
# Security (http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security).
# - Not vulnerable to the Heartbleed attack.
# - Not vulnerable to the OpenSSL CCS vulnerability (CVE-2014-0224) with OpenSSL v1.0.1i 6 Aug 2014 & Nginx 1.6.0
# - SSL Handshake takes <80ms on most modern server hardware
# Use within the "server" scope among other directives
@hroling
hroling / gist:85f36e86d48285f08161
Last active March 28, 2021 02:42
Apache 2.4 SSL config for A+ on SSLLabs.com
OLD stuff. This was not enough for an A+ anymore.