How to get the a+ rating from ssl labs. Here is my nginx config with the ciphers:
vim /etc/nginx/nginx.conf ## # SSL Settings ## ssl_session_timeout 5m; ssl_prefer_server_ciphers on; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA'; #add_header Strict-Transport-Security max-age=15768000; # six months #use this only if all subdomains support HTTPS! add_header Strict-Transport-Security "max-age=15768000; includeSubDomains"; ssl_dhparam /etc/nginx/dhparams.pem;
cd /etc/nginx/ #generate own diffie hellmann parameters openssl dhparam -out dhparams.pem 4096 systemctl restart nginx
