Remove ECDH curve or change it ? (#579)

Update ECDH curves to those recommended by Mozilla, now that we are on stretch
liberodark 2018-11-27 18:30:39 +01:00 committed by Alexandre Aubin
parent 76121ea084
commit 1906692289


@ -30,12 +30,7 @@ server {
ssl_session_cache shared:SSL:50m;
# As suggested by Mozilla : https://wiki.mozilla.org/Security/Server_Side_TLS and https://en.wikipedia.org/wiki/Curve25519
# (this doesn't work on jessie though ...?)
# ssl_ecdh_curve secp521r1:secp384r1:prime256v1;
# As suggested by https://cipherli.st/
ssl_ecdh_curve secp384r1;
ssl_ecdh_curve secp521r1:secp384r1:prime256v1;
ssl_prefer_server_ciphers on;
# Ciphers with intermediate compatibility