gaja-group
/
server-configs-nginx
mirror of https://github.com/h5bp/server-configs-nginx
2
0
Fork 0
Code Issues Releases Wiki Activity
455 Commits 2 Branches 12 Tags 1.2 MiB
Commit Graph

8 Commits

Author SHA1 Message Date
franz-josef-kaiser d7f6fa09d3 docs: Correct reference to weaker policy in doc block. 2020-12-30 00:09:53 +01:00
Pete Cooper 67c54c53f1
Documentation formatting and reviewing (#232) 
No code changes, some config reordering
 2019-05-15 23:20:10 +02:00
Léo Colombaro 0a6c880be0
Improve wording and file headers 2019-05-15 18:26:04 +02:00
Léo Colombaro d2531ac605 Rotate ssl policies to modernize protocols recommendations 
Closes #210
 2019-02-01 16:13:22 +01:00
Ewout van Mansom df23e0ba8c Add DH parameters note to policy_intermediate.conf (#212) 
For DHE ciphersuites, adding a diffie hellman parameter is a good practice. Only the intermediate policy uses DHE ciphersuites.
 2018-12-02 17:05:11 +01:00
Léo Colombaro 86d8ed33ca
Improve SSL directives declarations, order and descriptions 2018-12-02 12:57:01 +01:00
Ewout van Mansom 8141562756 Add eleptic curves for intermediate profile preset 
prime256v1 (NIST P-256), secp384r1 (NIST P-384) and secp521r1 (NIST P-521) have been deemed insecure as per Daniel J. Bernstein's research (https://cr.yp.to/newelliptic/nistecc-20160106.pdf, https://safecurves.cr.yp.to/).

Despite that, the adoption of X25519 is too slim. Limiting to that curve would mean dropping compatibility with Safari, Edge and Internet Explorer.
 2018-11-30 11:38:25 +01:00
Léo Colombaro 10fc3a39a6 Split SSL config 
Prepare #180
 2018-11-29 10:39:33 +01:00