Changes between Version 5 and Version 6 of how-to/servers/nginx_https_pfs


Ignore:
Timestamp:
Apr 14, 2014, 7:27:50 PM (10 years ago)
Author:
IMC linksunten
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • how-to/servers/nginx_https_pfs

    v5 v6  
    1515== Choose the cipher suite ==
    1616
    17 [https://bettercrypto.org/ bettercrypto.org] suggests the following cipher suite:
     17PFS is enabled simply by offering the right cipher suites. [https://bettercrypto.org/ bettercrypto.org] suggests the following:
    1818{{{
    1919EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
     
    2828ssl_ciphers EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA:RC4-SHA;
    2929}}}
     30
     31== Test your setup ==
     32
     33After you have switched on PFS you should [https://www.ssllabs.com/ssltest test your setup].