@sergejmueller
Created May 26, 2015 17:08
Logjam vulnerability: SSL/TLS cipher suites for Nginx recommended by Yandex engineers http://habrahabr.ru/company/yandex/blog/258673/
# Modern browsers
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers kEECDH+AESGCM+AES128:kEECDH+AES128:kRSA+AESGCM+AES128:kRSA+AES128:!RC4:!aNULL:!eNULL:!MD5:!EXPORT:!LOW:!SEED:!CAMELLIA:!IDEA:!PSK:!SRP:!SSLv2;
# Modern browsers + IE8 on XP
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers kEECDH+AESGCM+AES128:kEECDH+AES128:kRSA+AESGCM+AES128:kRSA+AES128:kRSA+3DES:!RC4:!aNULL:!eNULL:!MD5:!EXPORT:!LOW:!SEED:!CAMELLIA:!IDEA:!PSK:!SRP:!SSLv2;
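
Both cipher strings above name only kEECDH and kRSA key exchange, so no finite-field DHE suite (the key exchange Logjam targets) should be selectable. The following is an added example, not part of the original gist: it expands each string with the local OpenSSL through Python's `ssl` module and lists any DHE suites that remain. The function names `expand` and `dhe_suites` are hypothetical helpers, and the result depends on the OpenSSL build Python is linked against.

```python
import re
import ssl

# The two cipher strings from the gist above, copied verbatim.
MODERN = ("kEECDH+AESGCM+AES128:kEECDH+AES128:kRSA+AESGCM+AES128:kRSA+AES128:"
          "!RC4:!aNULL:!eNULL:!MD5:!EXPORT:!LOW:!SEED:!CAMELLIA:!IDEA:!PSK:!SRP:!SSLv2")
MODERN_IE8_XP = ("kEECDH+AESGCM+AES128:kEECDH+AES128:kRSA+AESGCM+AES128:kRSA+AES128:"
                 "kRSA+3DES:!RC4:!aNULL:!eNULL:!MD5:!EXPORT:!LOW:!SEED:!CAMELLIA:"
                 "!IDEA:!PSK:!SRP:!SSLv2")


def expand(cipher_string):
    """Return [(suite_name, key_exchange)] that the local OpenSSL selects."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    suites = []
    for c in ctx.get_ciphers():
        if c["protocol"] == "TLSv1.3":
            continue  # TLS 1.3 suites are not controlled by this string
        # The description looks like "NAME TLSv1.2 Kx=ECDH Au=RSA Enc=... Mac=..."
        kx = re.search(r"Kx=(\S+)", c["description"])
        suites.append((c["name"], kx.group(1) if kx else "unknown"))
    return suites


def dhe_suites(cipher_string):
    """Names of finite-field Diffie-Hellman suites left in the expansion."""
    return [name for name, kx in expand(cipher_string) if kx.startswith("DH")]


if __name__ == "__main__":
    for label, s in (("modern", MODERN), ("modern + IE8/XP", MODERN_IE8_XP)):
        print(label)
        for name, kx in expand(s):
            print(f"  {name:32} Kx={kx}")
        print("  DHE suites:", dhe_suites(s) or "none")
```
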
keinwort commented Apr 2, 2016

I propose to remove "TLSv1"; I removed it in my config.
Thanks for the ssl_ciphers,
gives me now an A+ on ssllabs.com