# TLS hardening snippet for nginx (protocols, key exchange, ciphers, session
# resumption and DH parameters). It sets no certificate, HSTS or OCSP
# stapling directives; those must come from the including configuration.
# Based on Mozilla TLS generator configurations
# Mozilla Guideline v5.7, nginx 1.27.3, OpenSSL 3.4.0, intermediate config, no HSTS, no OCSP
# last generated/retrieved on 2025-02-22
# intermediate configuration
# Only TLS 1.2 and 1.3 are enabled; SSLv3, TLS 1.0 and TLS 1.1 are not offered.
ssl_protocols TLSv1.2 TLSv1.3;
# Curves offered for ECDHE key exchange, listed in order of preference.
ssl_ecdh_curve X25519:prime256v1:secp384r1;
# Every suite below pairs an ephemeral key exchange (ECDHE or DHE) with an
# AEAD cipher (AES-GCM or ChaCha20-Poly1305); there are no CBC-mode or
# static-RSA suites. ssl_ciphers governs TLS 1.2 and older only; the TLS 1.3
# suites are selected by OpenSSL and are not affected by this list.
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
# The client's cipher preference wins. This is only reasonable while every
# suite in the list above is acceptable; revisit it if a weaker suite is added.
ssl_prefer_server_ciphers off;
# see also ssl_session_ticket_key alternative to stateful session cache
# NOTE(review): ssl_session_tickets is not set in this snippet, so nginx's
# default applies (tickets enabled, as far as I know, with a key created at
# startup). On a long-running server that key lives until restart or reload,
# which weakens forward secrecy for resumed TLS 1.2 sessions. Confirm whether
# another include disables tickets or rotates keys via ssl_session_ticket_key.
# Cached sessions stay resumable for one day.
ssl_session_timeout 1d;
# Server-side session cache named MozSSL, 10 MB, shared between worker processes.
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
# Generated through openssl in the postinst script.
# These parameters are used only by the DHE-RSA-* suites above; nginx does not
# offer DHE suites when ssl_dhparam is unset.
# NOTE(review): the file name suggests 2048-bit parameters; confirm that the
# postinst script generates at least 2048 bits and that the file exists before
# nginx starts. The Mozilla generator's own output uses the predefined
# ffdhe2048 group (RFC 7919) instead of locally generated parameters.
ssl_dhparam "/etc/nginx/dhparam2048.pem";