# I've used the configuration below for all my nginx instances and gotten an A+ on the Qualys SSL Test
# (https://www.ssllabs.com/ssltest/index.html). It satisfies requirements for PCI Compliance and
# FIPS. Includes OCSP Stapling (http://en.wikipedia.org/wiki/OCSP_stapling) and HTTP Strict Transport
# Security (http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security).
# - Not vulnerable to the Heartbleed attack.
# - Not vulnerable to the OpenSSL CCS vulnerability (CVE-2014-0224) with OpenSSL v1.0.1i 6 Aug 2014 & Nginx 1.6.0
# - SSL Handshake takes <80ms on most modern server hardware
# Use within the "server" scope among other directives