public-mirrors/NewsBlur-viq
1
0
Fork 0
mirror of https://github.com/viq/NewsBlur.git synced 2025-11-01 09:09:16 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Prefer forward secure and ECC cipher suites

Browse source 
I saw https://getsatisfaction.com/newsblur/topics/weak_crypto_available and realized a pull request might better communicate the ease in this improvement.

Configuration changes guided by https://community.qualys.com/blogs/securitylabs/2013/08/05/configuring-apache-nginx-and-openssl-for-forward-secrecy

Test results can be confirmed with https://www.ssllabs.com/ssltest/analyze.html?d=newsblur.com
This commit is contained in:
Scott Robinson 2013-11-16 17:51:01 +08:00
parent 491ea1fc21
commit ed4bc34288
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
config/nginx.newsblur.conf
View file

@ -15,6 +15,11 @@ server {
# ssl on;
ssl_certificate /srv/newsblur/config/certificates/newsblur.com.crt;
ssl_certificate_key /srv/newsblur/config/certificates/newsblur.com.key;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 \
EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 \
EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
client_max_body_size 4M;
server_name www.newsblur.com newsblur.com dev.newsblur.com *.newsblur.com circularapp.com *.circularapp.com;