From ad3aa5365577c3f25ccc81ae5a0fd94c0d68e71f Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Sun, 24 Jan 2016 14:13:18 +0100
Subject: better tls config
---
 custom/ymir-nginx.nix | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'custom')
diff --git a/custom/ymir-nginx.nix b/custom/ymir-nginx.nix
index 9c98d2ab..fd7d7e94 100644
--- a/custom/ymir-nginx.nix
+++ b/custom/ymir-nginx.nix
@@ -68,6 +68,12 @@ in {
 access_log stderr;
 error_log stderr;

+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+ ssl_prefer_server_ciphers on;
+ ssl_session_cache shared:SSL:10m;
+ ssl_dhparam /etc/ssl/dhparam.pem;
+
 server {
 listen *:80;
 listen [::]:80;
--
cgit v1.2.3
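Review bot: The added `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` line keeps the two legacy protocol versions enabled, which works against the AEAD-first cipher list below it. AES-GCM suites exist only from TLS 1.2 on, so a TLSv1 or TLSv1.1 client can only land on the CBC suites admitted by `AES256+EECDH:AES256+EDH`. Unless a known legacy client needs them, narrow this to `ssl_protocols TLSv1.2;`, adding TLSv1.3 where the deployed nginx and OpenSSL support it. Separately, `ssl_dhparam /etc/ssl/dhparam.pem;` points at a file that nothing in this hunk creates, and nginx fails its configuration check if the file is absent. A comment such as `# dhparam.pem must be generated out of band, 2048 bits or larger` would record that dependency. The enclosing nginx config block begins and ends outside the hunk, so whether the file is provisioned elsewhere cannot be seen from here.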