diff --git a/sites-available/postfixadmin_ffhh b/sites-available/postfixadmin_ffhh
index 7e91405..f42ac90 100644
--- a/sites-available/postfixadmin_ffhh
+++ b/sites-available/postfixadmin_ffhh
@@ -34,21 +34,13 @@ server {
 ssl_certificate /etc/nginx/ssl/postfix_ssl/server.crt;
 ssl_certificate_key /etc/nginx/ssl/postfix_ssl/server.key;
-# ssl_certificate /etc/nginx/ssl/ffhh.crt;
-# ssl_certificate_key /etc/nginx/ssl/hamburg.freifunk.net.key;
+ ssl_prefer_server_ciphers on;
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_timeout 10m;
- ssl_session_timeout 5m;
-#
-# # NEW SETTINGS
-# ssl_prefer_server_ciphers on;
-# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-# ssl_ciphers "EECDH+AESGCM EDH+AESGCM !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
-# ssl_ciphers "EECDH+AESGCM EDH+AESGCM EECDH -RC4 EDH -CAMELLIA -SEED !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
-#
-# # OLD SETTINGS
- ssl_prefer_server_ciphers on;
- ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
- ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
+ # Only strong ciphers in PFS mode
+ ssl_ciphers ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA;
+ ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
 location ~ \.php$ {
 fastcgi_pass unix:/var/run/php5-fpm.sock;
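Review bot: The re-added `ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;` line still offers SSLv3, and the list under the "Only strong ciphers in PFS mode" comment contains only CBC suites with SHA-1 MACs, so the new configuration is weaker than that comment claims. Dropping SSLv3 is a one-line change, `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;`, and the cipher list should put AEAD suites first, for example `ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA;`. The two `DHE-DSS-*` entries can only be negotiated with a DSA certificate, so if `server.crt` is an RSA certificate (not visible here) they are dead entries and can go. No `ssl_dhparam` directive appears in this hunk; if none is set elsewhere in the `server` block, which starts and ends outside the hunk, the DHE suites may fall back to the built-in Diffie-Hellman parameters, which on older nginx/OpenSSL builds are 1024-bit, so an explicit `ssl_dhparam` pointing at a generated 2048-bit (or larger) parameter file is worth adding.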