ssl labs nginx config/ciphers – a+ rating

How to get the a+ rating from ssl labs. Here is my nginx config with the ciphers:

bildschirmfoto-vom-2016-11-02-19-14-58

vim /etc/nginx/nginx.conf

 ##
 # SSL Settings
 ##

 ssl_session_timeout 5m;
 ssl_prefer_server_ciphers on;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
 ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA';
 #add_header Strict-Transport-Security max-age=15768000; # six months
 #use this only if all subdomains support HTTPS!
 add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
 ssl_dhparam /etc/nginx/dhparams.pem;
cd /etc/nginx/

#generate own diffie hellmann parameters
openssl dhparam -out dhparams.pem 4096

systemctl restart nginx

Kommentar verfassen

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.