Forum

SSl Config

Fred
3 July 2015, 17:08
Hi Hugo.

On my nginx server I had to create a config file for all my ssl setting.
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-RC4-SHA;
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 128s;
ssl_stapling on;
ssl_stapling_verify on;
spdy_keepalive_timeout 128s;
spdy_recv_timeout 2s;
add_header Alternate-Protocol "443:npn-spdy/3.1";
add_header Strict-Transport-Security "max-age=315360000; includeSubdomains";

In Hiawatha where do I put all the above settins?
Hugo Leisink
3 July 2015, 17:21
Hiawatha doesn't have those settings. Hiawatha's SSL capabilities are already good enough to get an A score at ssllabs.com by default. Hiawatha doesn't support SPDY. The HSTS header can be set via the RequireTLS option (see manpage).
This topic has been closed.