* Removed TLSv1 and TLSv1.1
* Added OCSP Stapling * Added SSL Cache * Changed ciphers * Specified ECDH curves
This commit is contained in:
parent
c645a8de2b
commit
93c614bf13
|
@ -36,6 +36,7 @@ server {
|
||||||
ssl_certificate /etc/letsencrypt/live/example.tld/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/example.tld/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/example.tld/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/example.tld/privkey.pem;
|
||||||
|
|
||||||
|
# Add TLSv1.0 to support older devices
|
||||||
ssl_protocols TLSv1.2;
|
ssl_protocols TLSv1.2;
|
||||||
# Uncomment line below if you want to support older devices (Before Android 4.4.2, IE 8, etc.)
|
# Uncomment line below if you want to support older devices (Before Android 4.4.2, IE 8, etc.)
|
||||||
# ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
|
# ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
|
||||||
|
|
Loading…
Reference in New Issue