From b75844e6229fd77eb48f6d4c5e4f81d4e2e1d74e Mon Sep 17 00:00:00 2001 From: Tan Jiang Date: Fri, 28 Oct 2016 18:48:12 +0800 Subject: [PATCH] update ciphers for nginx --- make/common/templates/nginx/nginx.https.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/make/common/templates/nginx/nginx.https.conf b/make/common/templates/nginx/nginx.https.conf index 4f527ec87..f862fcc20 100644 --- a/make/common/templates/nginx/nginx.https.conf +++ b/make/common/templates/nginx/nginx.https.conf @@ -32,7 +32,7 @@ http { # Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html ssl_protocols TLSv1.1 TLSv1.2; - ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + ssl_ciphers '!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:'; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m;