Created
May 26, 2015 17:08
-
-
Save sergejmueller/8bdbdace767493e9aca3 to your computer and use it in GitHub Desktop.
Logjam vulnerability: SSL/TLS cipher suites for Nginx recommended by Yandex engineers http://habrahabr.ru/company/yandex/blog/258673/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Modern browsers | |
ssl_prefer_server_ciphers on; | |
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
ssl_ciphers kEECDH+AESGCM+AES128:kEECDH+AES128:kRSA+AESGCM+AES128:kRSA+AES128:!RC4:!aNULL:!eNULL:!MD5:!EXPORT:!LOW:!SEED:!CAMELLIA:!IDEA:!PSK:!SRP:!SSLv2; | |
# Modern browsers + IE8 on XP | |
ssl_prefer_server_ciphers on; | |
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
ssl_ciphers kEECDH+AESGCM+AES128:kEECDH+AES128:kRSA+AESGCM+AES128:kRSA+AES128:kRSA+3DES:!RC4:!aNULL:!eNULL:!MD5:!EXPORT:!LOW:!SEED:!CAMELLIA:!IDEA:!PSK:!SRP:!SSLv2; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
i propose to remove " TLSv1 ", i removed it in my config
THX for the ssl_ciphers,
gives me now an A+ on ssllabs.com