Skip to content
Snippets Groups Projects
Commit 5dbcd921 authored by Angristan's avatar Angristan Committed by GitHub
Browse files

ECDH only 

Disable DHE ciphers. We don't loose any compatibility as we already use TLS 1.2, and ECDH is faster and safer.
Also, it's better so specify the curve.

This is the conf I use here : https://tls.imirhil.fr/https/mstdn.io
parent 792389da
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
docs/Running-Mastodon/Production-guide.md
+ 2
1
View file @ 5dbcd921
......@@ -23,7 +23,8 @@ server {
server_name example.com;
ssl_protocols TLSv1.2;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_ciphers EECDH+AESGCM:EECDH+AES;
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment