gaja-group
/
server-configs-nginx
mirror of https://github.com/h5bp/server-configs-nginx
2
0
Fork 0
Code Issues Releases Wiki Activity

nginx.conf: protect server against the BEAST SSL attack (ref: http://nginx.org/en/docs/http/configuring_https_servers.html)

This commit is contained in:
Aitte 2013-02-24 15:59:30 -05:00 committed by Andy Dawson
parent 4a0fa84b53
commit 020851039b
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
nginx/nginx.conf
View File

@ -90,5 +90,11 @@ http {
# a specific directory, or on an individual server{} level. # a specific directory, or on an individual server{} level.
# gzip_static on; # gzip_static on;
# Protect against the BEAST attack by preferring RC4-SHA when using SSLv3 and TLS protocols.
# Note that TLSv1.1 and TLSv1.2 are immune to the beast attack but only work with OpenSSL v1.0.1 and higher and has limited client support.
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers RC4:HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
include sites-enabled/*; include sites-enabled/*;
} }