server-configs-nginx/h5bp/security/ssl_policy.conf

# ----------------------------------------------------------------------
# | SSL Policy                                                         |
# ----------------------------------------------------------------------

# Cipher suites and directive for strong security
#
# https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
# https://mozilla.github.io/server-side-tls/ssl-config-generator/
# https://nginx.org/en/docs/http/ngx_http_ssl_module.html

# Protect against the BEAST and POODLE attacks by not using SSLv3 at all. If you need to support older browsers (IE6) you may need to add
# SSLv3 to the list of protocols below.
ssl_protocols             TLSv1 TLSv1.1 TLSv1.2;

# Ciphers set to best allow protection from Beast, while providing forwarding secrecy, as defined by Mozilla (Intermediate Set) - https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx
ssl_ciphers               ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
ssl_prefer_server_ciphers on;

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

# Optimize SSL by caching session parameters for 10 minutes. This cuts down on the number of expensive SSL handshakes.
# The handshake is the most CPU-intensive operation, and by default it is re-negotiated on every new/parallel connection.
# By enabling a cache (of type "shared between all Nginx workers"), we tell the client to re-use the already negotiated state.
# Further optimization can be achieved by raising keepalive_timeout, but that shouldn't be done unless you serve primarily HTTPS.
ssl_session_cache   shared:SSL:10m; # a 1mb cache can hold about 4000 sessions, so we can hold 40000 sessions
ssl_session_timeout 24h;

# SSL buffer size
# ssl_buffer_size 1400; # 1400 bytes to fit in one MTU

# Session tickets
#
# nginx does not auto-rotate session ticket keys: only a HUP / restart will do so and
# when a restart is performed the previous key is lost, which resets all previous
# sessions. The fix for this is to setup a manual rotation mechanism:
# https://trac.nginx.org/nginx/changeset/1356a3b9692441e163b4e78be4e9f5a46c7479e9/nginx
#
# Note that you'll have to define and rotate the keys securely by yourself. In absence
# of such infrastructure, consider turning off session tickets:
ssl_session_tickets off;

# Use a higher keepalive timeout to reduce the need for repeated handshakes
keepalive_timeout 300s; # up from 75 secs default

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

# This default SSL certificate will be served whenever the client lacks support for SNI (Server Name Indication).
# Make it a symlink to the most important certificate you have, so that users of IE 8 and below on WinXP can see your main site without SSL errors.

# ssl_certificate /etc/nginx/default_ssl.crt;
# ssl_certificate_key /etc/nginx/default_ssl.key;

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

# OCSP stapling

# ssl_stapling on;
# ssl_stapling_verify on;

# Trusted certificate must be made up of your intermediate certificate followed by root certificate
# ssl_trusted_certificate /path/to/ca.crt;

# resolver 8.8.8.8 8.8.4.4 216.146.35.35 216.146.36.36 valid=60s;
# resolver_timeout 2s;
Split directives to enforce atomic structure * Enforce H5BP style * Improve inline documentation to simplify maintenance * Prepare v3 2018-11-23 17:14:15 +01:00			`# ----------------------------------------------------------------------`
			`# \| SSL Policy \|`
			`# ----------------------------------------------------------------------`

			`# Cipher suites and directive for strong security`
			`#`
			`# https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations`
			`# https://mozilla.github.io/server-side-tls/ssl-config-generator/`
			`# https://nginx.org/en/docs/http/ngx_http_ssl_module.html`

			`# Protect against the BEAST and POODLE attacks by not using SSLv3 at all. If you need to support older browsers (IE6) you may need to add`
			`# SSLv3 to the list of protocols below.`
			`ssl_protocols TLSv1 TLSv1.1 TLSv1.2;`

			`# Ciphers set to best allow protection from Beast, while providing forwarding secrecy, as defined by Mozilla (Intermediate Set) - https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx`
			ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
			`ssl_prefer_server_ciphers on;`

			`# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -`

			`# Optimize SSL by caching session parameters for 10 minutes. This cuts down on the number of expensive SSL handshakes.`
			`# The handshake is the most CPU-intensive operation, and by default it is re-negotiated on every new/parallel connection.`
			`# By enabling a cache (of type "shared between all Nginx workers"), we tell the client to re-use the already negotiated state.`
			`# Further optimization can be achieved by raising keepalive_timeout, but that shouldn't be done unless you serve primarily HTTPS.`
			`ssl_session_cache shared:SSL:10m; # a 1mb cache can hold about 4000 sessions, so we can hold 40000 sessions`
			`ssl_session_timeout 24h;`

			`# SSL buffer size`
			`# ssl_buffer_size 1400; # 1400 bytes to fit in one MTU`

			`# Session tickets`
			`#`
			`# nginx does not auto-rotate session ticket keys: only a HUP / restart will do so and`
			`# when a restart is performed the previous key is lost, which resets all previous`
			`# sessions. The fix for this is to setup a manual rotation mechanism:`
			`# https://trac.nginx.org/nginx/changeset/1356a3b9692441e163b4e78be4e9f5a46c7479e9/nginx`
			`#`
			`# Note that you'll have to define and rotate the keys securely by yourself. In absence`
			`# of such infrastructure, consider turning off session tickets:`
			`ssl_session_tickets off;`

			`# Use a higher keepalive timeout to reduce the need for repeated handshakes`
			`keepalive_timeout 300s; # up from 75 secs default`

			`# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -`

			`# This default SSL certificate will be served whenever the client lacks support for SNI (Server Name Indication).`
			`# Make it a symlink to the most important certificate you have, so that users of IE 8 and below on WinXP can see your main site without SSL errors.`

			`# ssl_certificate /etc/nginx/default_ssl.crt;`
			`# ssl_certificate_key /etc/nginx/default_ssl.key;`

			`# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -`

			`# OCSP stapling`

			`# ssl_stapling on;`
			`# ssl_stapling_verify on;`

			`# Trusted certificate must be made up of your intermediate certificate followed by root certificate`
			`# ssl_trusted_certificate /path/to/ca.crt;`

			`# resolver 8.8.8.8 8.8.4.4 216.146.35.35 216.146.36.36 valid=60s;`
			`# resolver_timeout 2s;`