my eye

nginx_ssl_params.conf

$def with (dhparam_location)
# Shared TLS parameters for nginx, rendered from a template. The header line
# above declares one template argument, dhparam_location, which is substituted
# into ssl_dhparam below. (The header looks like web.py Templetor syntax;
# confirm.) The header has to stay the first line of the file.
#
# Only TLS 1.2 and TLS 1.3 are offered; older protocol versions are refused.
ssl_protocols              TLSv1.2 TLSv1.3;
# The server's cipher order wins over the client's.
ssl_prefer_server_ciphers  on;
# DH parameters file used by the DHE suites selected below (EDH+AESGCM).
# NOTE(review): the strength of that file is not visible here; confirm it is
# generated at 2048 bits or more and is readable only by the nginx user.
ssl_dhparam                $dhparam_location; 
# Forward-secret key exchange (ECDHE, then DHE) with AES-GCM only. This list
# governs TLS 1.2; TLS 1.3 cipher suites are not selected by ssl_ciphers.
ssl_ciphers                EECDH+AESGCM:EDH+AESGCM;
# A single ECDHE curve (P-384) is offered.
# NOTE(review): clients that do not support it cannot use ECDHE; confirm that
# is acceptable for the expected client population.
ssl_ecdh_curve             secp384r1;
# Session resumption: sessions live 10 minutes in a 10 MB cache named SSL that
# is shared between worker processes.
ssl_session_timeout        10m;
ssl_session_cache          shared:SSL:10m;
# Session tickets are off, so resumption relies on the server-side cache above
# and there are no ticket keys to rotate.
ssl_session_tickets        off;
# OCSP stapling with verification of the stapled response.
# NOTE(review): verification needs the issuer chain to be trusted, normally via
# ssl_trusted_certificate, which is not set in this file; confirm that the
# including server block provides it, otherwise stapling may silently not work.
ssl_stapling               on;
ssl_stapling_verify        on;
# Resolver used by nginx for runtime lookups such as the OCSP responder host.
# valid=300s caches answers for five minutes regardless of their TTL.
# These are public Google resolvers reached over plain DNS: the lookups are
# visible to a third party and the answers are not authenticated. nginx's own
# documentation recommends a resolver on a trusted local network to limit
# spoofing, which is what the TODO below is about.
resolver                   8.8.8.8  8.8.4.4  valid=300s;  # TODO drop google
# Give up on a name lookup after five seconds.
resolver_timeout           5s;
# leave this here for cat'ing over SSH...