Léo Colombaro 959839d81f Add a modern profile for SSL policy
TLSv1.0 & TLSv1.1 suffer from [POODLE](blog.qualys.com/ssllabs/2014/12/08/poodle-bites-tls) and other [padding oracle attacks](blog.cloudflare.com/padding-oracles-and-the-decline-of-cbc-mode-ciphersuites).
You need to support only TLSv1.2 to expect to close those weaknesses (and use only AEAD cipher suites in the case of padding oracles).

Likewise, non-PFS cipher suites are not at all recommended (see the Heartbleed effect).
DHE support [is dropped](digicert.com/blog/google-plans-to-deprecate-dhe-cipher-suites) from any decent user agent and can lead to a [MITM attack](media.ccc.de/v/32c3-7288-logjam_diffie-hellman_discrete_logs_the_nsa_and_you#t=1357) (around ~25 min in the video) with only one side supporting a weak cipher suite.
3DES is deprecated and suffers from [Sweet32](sweet32.info).

So I recommend using only the `EECDH+CHACHA20:EECDH+AES` cipher suite, which has [quite good compatibility](cryptcheck.fr/suite/EECDH+CHACHA20:EECDH+AES) and much better security than the actual cipher suite.

Fix #201
Fix #183
Fix #190
Prepare #180

Co-authored-by: aeris <aeris@users.noreply.github.com>
2018-11-29 10:39:33 +01:00
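
One way to check what a cipher string such as the one in the commit message above enables on a given OpenSSL build, flagging suites that lack forward secrecy, use DHE, are not AEAD, or use 3DES. This is an added example, not code from the repository; the helper names `expand` and `audit` and the sample entries are hypothetical.

```python
import ssl

# Constructed sample in the shape returned by ssl.SSLContext.get_ciphers()
# (only the keys the audit reads); not captured from a real server.
SAMPLE = [
    {"name": "ECDHE-RSA-CHACHA20-POLY1305", "protocol": "TLSv1.2",
     "kea": "kx-ecdhe", "aead": True},
    {"name": "ECDHE-RSA-AES128-SHA256", "protocol": "TLSv1.2",
     "kea": "kx-ecdhe", "aead": False},   # AES in CBC mode
    {"name": "DHE-RSA-AES128-GCM-SHA256", "protocol": "TLSv1.2",
     "kea": "kx-dhe", "aead": True},
    {"name": "DES-CBC3-SHA", "protocol": "SSLv3",
     "kea": "kx-rsa", "aead": False},
]


def expand(cipher_string):
    """Return the suites the local OpenSSL enables for a cipher string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)
    return ctx.get_ciphers()


def audit(suites):
    """Map each suite name to the policy points from the commit message it fails."""
    report = {}
    for s in suites:
        issues = []
        # TLS 1.3 suites are AEAD with ephemeral key exchange and are not
        # selected by the cipher string, so they are reported without findings.
        if s["protocol"] != "TLSv1.3":
            if s["kea"] == "kx-dhe":
                issues.append("DHE key exchange")
            elif s["kea"] != "kx-ecdhe":
                issues.append("no forward secrecy")
            if not s["aead"]:
                issues.append("not AEAD")
            if "DES-CBC3" in s["name"]:
                issues.append("3DES")
        report[s["name"]] = issues
    return report


if __name__ == "__main__":
    policy = "EECDH+CHACHA20:EECDH+AES"
    for title, suites in (("constructed sample", SAMPLE), (policy, expand(policy))):
        print(f"== {title}")
        for name, issues in audit(suites).items():
            print(f"{name:32} {', '.join(issues) or 'ok'}")
```

The live expansion depends on the OpenSSL build Python is linked against, so run it on the host that terminates TLS.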
.github Create CODEOWNERS 2018-11-25 18:25:04 +01:00
bin Fix typo in `inline.sh` 2015-05-11 17:59:39 +02:00
doc Fix TOC link in doc 2018-11-23 18:22:35 +01:00
h5bp Add a modern profile for SSL policy 2018-11-29 10:39:33 +01:00
sites-available Split SSL config 2018-11-29 10:39:33 +01:00
sites-enabled Tweaks and lint 2018-11-25 22:07:01 +01:00
.editorconfig Fix external links 2018-11-23 14:45:12 +01:00
.gitattributes Add a gitattributes file 2018-11-23 12:33:48 +01:00
.gitignore Tweaks and lint 2018-11-25 22:07:01 +01:00
CHANGELOG.md oops 2017-05-06 19:31:51 +02:00
LICENSE.txt Update repo documentation 2018-11-23 13:32:36 +01:00
README.md Update repo documentation 2018-11-23 13:32:36 +01:00
mime.types Changed GeoJSON and RDF media type (#186) 2018-11-23 12:56:17 +01:00
nginx.conf Tweaks and lint 2018-11-25 22:07:01 +01:00

README.md

Nginx Server Configs

Nginx Server Configs is a collection of configuration snippets that can help your server improve the web site's performance and security, while also ensuring that resources are served with the correct content-type and are accessible, if needed, even cross-domain.

Documentation

The documentation is bundled with the project, which makes it readily available for offline reading and provides a useful starting point for any documentation you want to write about your project.

Contributing

Anyone is welcome to contribute; however, if you decide to get involved, please take a moment to review the guidelines:

Acknowledgements

Nginx Server Configs is only possible thanks to all the awesome contributors!

License

The code is available under the MIT license.