diff --git a/install/debian/nginx.conf b/install/debian/nginx.conf index 91a43671..79cf5ae7 100644 --- a/install/debian/nginx.conf +++ b/install/debian/nginx.conf @@ -69,9 +69,10 @@ http { # SSL PCI Compliance - ssl_ciphers RC4:HIGH:!aNULL:!MD5:!kEDH; - ssl_session_cache shared:SSL:10m; - ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS +RC4 RC4"; # Error pages diff --git a/install/rhel/nginx.conf b/install/rhel/nginx.conf index 3897fa5d..61e34f57 100644 --- a/install/rhel/nginx.conf +++ b/install/rhel/nginx.conf @@ -69,9 +69,10 @@ http { # SSL PCI Compliance - ssl_ciphers RC4:HIGH:!aNULL:!MD5:!kEDH; - ssl_session_cache shared:SSL:10m; - ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS +RC4 RC4"; # Error pages diff --git a/install/ubuntu/nginx.conf b/install/ubuntu/nginx.conf index 0852c60f..4818be76 100644 --- a/install/ubuntu/nginx.conf +++ b/install/ubuntu/nginx.conf @@ -69,9 +69,10 @@ http { # SSL PCI Compliance - ssl_ciphers RC4:HIGH:!aNULL:!MD5:!kEDH; - ssl_session_cache shared:SSL:10m; - ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS +RC4 RC4"; # Error pages