Skip to content

Commit

Permalink
Add additional ssl_ecdh_curve option
Browse files Browse the repository at this point in the history
  • Loading branch information
@lewisgoddard
lewisgoddard authored Aug 27, 2017
1 parent d81eef6 commit 85eddc4
Showing 1 changed file with 7 additions and 1 deletion.
8 changes: 7 additions & 1 deletion nginx-config/directive/bubbly_rock-hard-ssl.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,16 +32,22 @@
# Option 1. [DEFAULT] Typically sufficient.
ssl_ecdh_curve secp384r1;

# Option 2. Slightly better with a larger generation.
# Option 2. Slightly better.
# [WARNING] Slower and breaks some IE on mobiles.
#ssl_ecdh_curve secp521r1;

# Option 3. Allow either on modern systems.
# [WARNING] Only for for nginx >= 1.11.0 and openssl >= 1.0.2
#ssl_ecdh_curve secp521r1:secp384r1;


#### Strict Transport Security
# [WARNING] Strict-Transport-Security will stop HTTP access for specified time.
# [OPTION] Include sub-domains with HSTS.

# Option 1. [DEFAULT] Current domain only.
add_header Strict-Transport-Security "max-age=31536000" always;

# Option 2. includeSubDomains
# [WARNING] This will block HTTP access to sub-domains.
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always
Expand Down

0 comments on commit 85eddc4

Please sign in to comment.