Comments (4)
All of the nginx configs mentioned on the site are already covered here plus a few more. With regard to changing the cipher suite, I'm guessing you're thinking "which is the most secure?"; a better question is, "which is the most secure for my user's browser?"
While `AES128+EECDH:AES128+EDH` would be a secure cipher suite (at this moment in time), it would be very restrictive on who could connect to your site securely. What is currently documented in https://github.com/h5bp/server-configs-nginx/blob/master/h5bp/directive-only/ssl.conf is a good balance between strong ciphers and widest user availability (Firefox 1, Chrome 1, IE 7, Opera 5 and Safari 1). Personally I would remove `CAMELLIA` from the list, which would prevent `Java 6u45` from accessing your site but would make your site FIPS 140-2 compliant. If you don't need to support IE8 you can also remove TLS_RSA_WITH_3DES_EDE_CBC_SHA, which doesn't support Forward Secrecy.
If you're worried about your TLS cert, run a scan on it. I would recommend SSLLABS or GlobalSign, which uses SSLLabs but displays results differently.
from server-configs-nginx.
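The three checks raised in the comment above (suites without forward secrecy, CAMELLIA, and 3DES) can be run over a cipher list before deploying it. This is an added example, not part of the original thread or of h5bp's code; the sample cipher list and all function names are constructed for illustration, and it assumes explicit suite names, so group keywords such as `AES128+EECDH` should first be expanded with `openssl ciphers -v`.

```python
# Added example: audit OpenSSL-style cipher names for the properties the
# comment above discusses. SAMPLE_CIPHERS is a constructed list, not the
# contents of h5bp's ssl.conf.
from dataclasses import dataclass

SAMPLE_CIPHERS = (
    "ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA:"
    "DHE-RSA-CAMELLIA256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!MD5"
)

@dataclass(frozen=True)
class Finding:
    name: str
    forward_secrecy: bool
    camellia: bool
    triple_des: bool

def classify(name: str) -> Finding:
    upper = name.upper()
    # TLS 1.3 suites always use an ephemeral (EC)DHE key exchange.
    tls13 = upper.startswith(("TLS_AES_", "TLS_CHACHA20_"))
    # OpenSSL names carry the key exchange as a prefix; IANA names as TLS_<KX>_...
    ephemeral = upper.startswith(("ECDHE-", "DHE-", "EDH-", "TLS_ECDHE_", "TLS_DHE_"))
    return Finding(
        name=name,
        forward_secrecy=tls13 or ephemeral,
        camellia="CAMELLIA" in upper,
        # OpenSSL spells 3DES "DES-CBC3"; IANA names use "3DES_EDE".
        triple_des="DES-CBC3" in upper or "3DES" in upper,
    )

def audit(cipher_string: str) -> list[Finding]:
    """Classify each explicit suite name; skip !x, -x and +x list operators."""
    tokens = cipher_string.replace(",", ":").replace(" ", ":").split(":")
    return [classify(t) for t in tokens if t and t[0] not in "!-+"]

def flagged(cipher_string: str) -> dict[str, list[str]]:
    """Group the suites a reviewer would question, keyed by reason."""
    results = audit(cipher_string)
    return {
        "no_forward_secrecy": [f.name for f in results if not f.forward_secrecy],
        "camellia": [f.name for f in results if f.camellia],
        "3des": [f.name for f in results if f.triple_des],
    }

if __name__ == "__main__":
    for reason, names in flagged(SAMPLE_CIPHERS).items():
        print(f"{reason}: {', '.join(names) or 'none'}")
```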
Also see https://wiki.mozilla.org/Security/Server_Side_TLS and https://mozilla.github.io/server-side-tls/ssl-config-generator/
Closing as I don't see any action to take =).
Also note:
Alright, thanks. The issue was less of "you need to change something" and more of "hey maintainers, take a look at this if you haven't seen it already".
Thanks for a great project; as always, I appreciate the work.