Interanet/jitsi-meet-deployment
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

web: split TLS configuration and make it stronger

Browse Source 
Resources:

- https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
- https://weakdh.org/sysadmin.html
This commit is contained in:
Saúl Ibarra Corretgé
2018-11-07 09:55:59 +01:00
parent c34b4814df
commit 415f10406f
3 changed files with 26 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
web/rootfs/defaults/ssl.conf Normal file
View File

@@ -0,0 +1,16 @@
# session settings
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
# Diffie-Hellman parameter for DHE cipher suites
ssl_dhparam /config/nginx/dhparams.pem;
# ssl certs
ssl_certificate /config/keys/cert.crt;
ssl_certificate_key /config/keys/cert.key;
# protocols
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS;