- Note that SHA2 hash algorithm may be not supported on older systems (Windows XP, Windows 2003, among others).
- Be aware that mandatory https on SNI vhosts eliminate [Internet Explorer on Windows XP, among others] (http://en.wikipedia.org/wiki/Server_Name_Indication#Web_browsers.5B6.5D).
-
For updated ssl_ciphers, I refer you to these two sources
-
Thanks to WubTheCaptain (https://wubthecaptain.eu) for his help and ciphersuites.
-
Thanks to Ilya Grigorik (https://www.igvita.com) for constant inspiration.
Comments here do not create notifications, write me an email please, or comment at the article
https://filip-prochazka.com/blog/nginx-https-spdy-hsts-security.
The contact info is at https://filip-prochazka.com - thank you!