summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHolger Weiss <holger@zedat.fu-berlin.de>2015-09-16 13:23:44 (GMT)
committerHolger Weiss <holger@zedat.fu-berlin.de>2015-09-16 13:23:44 (GMT)
commitee41383f6108ac841e1b253322b623034849a524 (patch)
tree58b841e1047752d9e4aa1945fd0a7a4715b86664
parentfffa2d3d3a2bbf9525bfdee170d2d2ea49545f49 (diff)
downloadsite-ee41383f6108ac841e1b253322b623034849a524.tar.gz
Use custom DH parameters and limit TLS ciphers
-rw-r--r--etc/nginx.conf6
-rw-r--r--etc/ssl/dh-parameters.pem8
2 files changed, 14 insertions, 0 deletions
diff --git a/etc/nginx.conf b/etc/nginx.conf
index 431092a..ee815d3 100644
--- a/etc/nginx.conf
+++ b/etc/nginx.conf
@@ -10,6 +10,12 @@
10# 10#
11 11
12# 12#
13# TLS configuration.
14#
15ssl_ciphers HIGH:!aNULL:!MD5:!3DES:!SSLv2:@STRENGTH;
16ssl_dhparam /home/plugins/etc/ssl/dh-parameters.pem;
17
18#
13# Server definition for <https://www.monitoring-plugins.org/>. 19# Server definition for <https://www.monitoring-plugins.org/>.
14# 20#
15server { 21server {
diff --git a/etc/ssl/dh-parameters.pem b/etc/ssl/dh-parameters.pem
new file mode 100644
index 0000000..959c2b4
--- /dev/null
+++ b/etc/ssl/dh-parameters.pem
@@ -0,0 +1,8 @@
1-----BEGIN DH PARAMETERS-----
2MIIBCAKCAQEApsZ10FY/BvaU9d3FQ3USOTHn9CYnv4AK0VMfTVkDepP48mjfoXch
3RgQ9X9A54uQuFGnSH5k53mBv57Z6td/fRPzi4SLRvvUuDG9WIN7DHoVUwZIa+Z8o
4MNF+09inX+TCCct04SRO4H4/7tUCvxe7mX9dBX8wENmSERHerHhTFqFuelJjn5Wc
5xK7W6hCaFwVW9xvBa6MLR5VqvVftQVfIEoEnEEUjhXZeqF+rnMCpAGxdyoe7XL/I
6cfiuTratQ5NX9o10l7TTTQtbxJgf7oqRT4hDPUCqjNHoaBdgNsPuqGYwSX7EWxOy
7Z8n+GzWWmKenpUyOiT+3fPVHTy5AaNT+ewIBAg==
8-----END DH PARAMETERS-----