Changes between Version 5 and Version 6 of how-to/servers/nginx_https_pfs
- Timestamp:
- Apr 14, 2014, 3:27:50 PM (10 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
how-to/servers/nginx_https_pfs
v5 v6 15 15 == Choose the cipher suite == 16 16 17 [https://bettercrypto.org/ bettercrypto.org] suggests the following cipher suite:17 PFS is enabled simply by offering the right cipher suites. [https://bettercrypto.org/ bettercrypto.org] suggests the following: 18 18 {{{ 19 19 EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA … … 28 28 ssl_ciphers EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA:RC4-SHA; 29 29 }}} 30 31 == Test your setup == 32 33 After you have switched on PFS you should [https://www.ssllabs.com/ssltest test your setup].