2014-10-15 17:22:09 +02:00
# Protect against the BEAST and POODLE attacks by not using SSLv3 at all. If you need to support older browsers (IE6) you may need to add
2014-07-28 16:16:09 +02:00
# SSLv3 to the list of protocols below.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 ;
2014-10-28 22:20:37 +01:00
# Ciphers set to best allow protection from Beast, while providing forwarding secrecy, as defined by Mozilla (Intermediate Set) - https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx
2017-01-08 18:18:04 +01:00
ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS ;
2014-07-28 16:08:19 +02:00
ssl_prefer_server_ciphers on ;
# Optimize SSL by caching session parameters for 10 minutes. This cuts down on the number of expensive SSL handshakes.
# The handshake is the most CPU-intensive operation, and by default it is re-negotiated on every new/parallel connection.
# By enabling a cache (of type "shared between all Nginx workers"), we tell the client to re-use the already negotiated state.
# Further optimization can be achieved by raising keepalive_timeout, but that shouldn't be done unless you serve primarily HTTPS.
ssl_session_cache shared:SSL:10m ; # a 1mb cache can hold about 4000 sessions, so we can hold 40000 sessions
2014-07-28 16:54:31 +02:00
ssl_session_timeout 24h ;
# SSL buffer size was added in 1.5.9
#ssl_buffer_size 1400; # 1400 bytes to fit in one MTU
2014-07-28 16:08:19 +02:00
2014-07-28 16:42:35 +02:00
# Session tickets appeared in version 1.5.9
#
2014-07-28 16:20:58 +02:00
# nginx does not auto-rotate session ticket keys: only a HUP / restart will do so and
# when a restart is performed the previous key is lost, which resets all previous
# sessions. The fix for this is to setup a manual rotation mechanism:
# http://trac.nginx.org/nginx/changeset/1356a3b9692441e163b4e78be4e9f5a46c7479e9/nginx
#
# Note that you'll have to define and rotate the keys securely by yourself. In absence
# of such infrastructure, consider turning off session tickets:
2014-07-28 16:42:35 +02:00
#ssl_session_tickets off;
2014-07-28 16:20:58 +02:00
2014-07-28 16:29:04 +02:00
# Use a higher keepalive timeout to reduce the need for repeated handshakes
2016-03-14 09:19:11 +01:00
keepalive_timeout 300s ; # up from 75 secs default
2014-07-28 16:29:04 +02:00
2014-10-16 11:40:48 +02:00
# HSTS (HTTP Strict Transport Security)
# This header tells browsers to cache the certificate for a year and to connect exclusively via HTTPS.
2017-01-07 18:10:02 +01:00
#add_header Strict-Transport-Security "max-age=31536000" always;
2014-10-28 22:20:37 +01:00
# This version tells browsers to treat all subdomains the same as this site and to load exclusively over HTTPS
2017-01-07 18:10:02 +01:00
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
2015-09-23 11:50:05 +02:00
# This version tells browsers to treat all subdomains the same as this site and to load exclusively over HTTPS
# Recommend is also to use preload service
2017-01-07 18:10:02 +01:00
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
2014-07-28 16:30:00 +02:00
2014-07-28 16:08:19 +02:00
# This default SSL certificate will be served whenever the client lacks support for SNI (Server Name Indication).
# Make it a symlink to the most important certificate you have, so that users of IE 8 and below on WinXP can see your main site without SSL errors.
#ssl_certificate /etc/nginx/default_ssl.crt;
#ssl_certificate_key /etc/nginx/default_ssl.key;
2014-10-28 22:20:37 +01:00
# Consider using OCSP Stapling as shown in ssl-stapling.conf