[packages/nginx] - but don't enable these by default since ssl is not enabled by default
arekm
arekm at pld-linux.org
Mon Oct 20 17:49:20 CEST 2014
commit d4cab47e017b9f6ea39ebf16ffcebee5da2901e8
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date: Mon Oct 20 17:49:18 2014 +0200
- but don't enable these by default since ssl is not enabled by default
nginx-standard.conf | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
---
diff --git a/nginx-standard.conf b/nginx-standard.conf
index 65ea70c..aa337bd 100644
--- a/nginx-standard.conf
+++ b/nginx-standard.conf
@@ -41,8 +41,12 @@ http {
# https://wiki.mozilla.org/Security/Server_Side_TLS
# perfect forward secrecy
- ssl_prefer_server_ciphers on;
- ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS +RC4 RC4";
+ # ssl_prefer_server_ciphers on;
+ # ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS +RC4 RC4";
+
+ # Session resumption (caching)
+ # ssl_session_cache shared:SSL:50m;
+ # ssl_session_timeout 5m;
# ssl_certificate /etc/nginx/server.crt;
# ssl_certificate_key /etc/nginx/server.key;
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/nginx.git/commitdiff/d4cab47e017b9f6ea39ebf16ffcebee5da2901e8
More information about the pld-cvs-commit
mailing list