github/vesta
1
0
Fork 0
mirror of https://github.com/serghey-rodin/vesta.git synced 2025-08-21 05:44:07 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Update SSL Ciphers

Browse source 
To fix RC4 immediate deprecation by major web browsers. Using old configuration results in "Insecure Certificate" errors.
Strong Ciphers via CloudFlare (https://github.com/cloudflare/sslconfig/blob/master/conf).
Excluded CloudFlare's use of ChaCha cipher due to compatibility patch required.

Info Source:
https://tools.ietf.org/html/rfc7465
https://www.pcicomplianceguide.org/pci-dss-v3-1-and-ssl-what-you-should-do-now/
https://blog.digicert.com/major-browsers-announce-rc4-deprecation/
This commit is contained in:
Daniel Ting 2015-10-08 19:10:59 +11:00
commit 70a8f75f1b
1 changed files with 2 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
src/rpm/conf/nginx.conf
View file

@ -37,7 +37,8 @@ http {
# SSL PCI Compliance # SSL PCI Compliance
ssl_ciphers RC4:HIGH:!aNULL:!MD5:!kEDH; ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_ciphers EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_session_cache shared:SSL:10m; ssl_session_cache shared:SSL:10m;
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;