Change ciphers

2017-01-09 20:22:44 +01:00
parent 621235d8da
commit 86a8dc195e
3 changed files with 12 additions and 6 deletions
--- a/data/conf/nginx/site.conf
+++ b/data/conf/nginx/site.conf
@@ -5,9 +5,9 @@ server {
  ssl_certificate_key /etc/ssl/mail/key.pem;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
-  ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
+  ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA';
+  add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
  ssl_ecdh_curve secp384r1;
-  add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
  index index.php index.html;
  server_name _ autodiscover.* autoconfig.*;
  error_log  /var/log/nginx/error.log;