Ryan rBurgett

rBurgett / nginx-ssl.conf
Created November 26, 2015 03:25
Configuration to get an A+ on the Qualys SSL Labs test with fast-performing, low-overhead SSL ciphers. Works in combination with nginx 1.6.0 full and OpenSSL v1.0.1i.
# I've used the configuration below for all my nginx instances and gotten an A+ on the Qualys SSL Test
# (https://www.ssllabs.com/ssltest/index.html). It satisfies requirements for PCI Compliance and
# FIPS. Includes OCSP Stapling (http://en.wikipedia.org/wiki/OCSP_stapling) and HTTP Strict Transport
# Security (http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security).
# - Not vulnerable to the Heartbleed attack.
# - Not vulnerable to the OpenSSL CCS vulnerability (CVE-2014-0224) with OpenSSL v1.0.1i 6 Aug 2014 & Nginx 1.6.0
# - SSL Handshake takes <80ms on most modern server hardware
# Use within the "server" scope among other directives