September 09, 2014

Got A+ at the SSL LABS test

Today I’ve got 100% for Certificate, Protocol Support, Key Exchange and the Cipher Strength at the Qualys SSL Labs - SSL Test


nginx config

ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;

ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.2;

# openssl dhparam -out /etc/ssl/certs/dh4096.pem 4096  (may take up to 2 hours on some systems or more)
ssl_dhparam /etc/ssl/certs/dh4096.pem;
ssl_ecdh_curve secp521r1;