Blame public/fs/etc/nginx/conf.d/ssl_params
|
root@culturestrings |
8f5160 |
ssl_trusted_certificate /home/webroot/letsencrypt/ssl/chain.pem;
|
|
root@culturestrings |
8f5160 |
|
|
root@culturestrings |
8f5160 |
ssl_stapling on;
|
|
root@culturestrings |
8f5160 |
ssl_stapling_verify on;
|
|
root@culturestrings |
8f5160 |
ssl_prefer_server_ciphers on;
|
|
root@culturestrings |
8f5160 |
|
|
root@culturestrings |
8f5160 |
ssl_ciphers TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305-OLD:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:!aNULL:!eNULL:!EXPORT:!EDH:!CAMELLIA:!3DES:!DES:!MD5:!PSK:!RC4:!RSA;
|
|
root@culturestrings |
8f5160 |
ssl_protocols TLSv1.2 TLSv1.3;
|
|
root@culturestrings |
8f5160 |
ssl_ecdh_curve X25519:secp384r1;
|
|
root@culturestrings |
8f5160 |
|
|
root@culturestrings |
8f5160 |
ssl_session_cache shared:SSL:1m;
|
|
root@culturestrings |
8f5160 |
ssl_session_timeout 5m;
|
|
root@culturestrings |
8f5160 |
|
|
root@culturestrings |
8f5160 |
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
|
|
root@culturestrings |
8f5160 |
add_header X-Frame-Options DENY;
|
|
root@culturestrings |
8f5160 |
add_header X-Content-Type-Options nosniff;
|
|
root@culturestrings |
8f5160 |
add_header X-XSS-Protection "1; mode=block";
|