https with lighttpd & nginx - HighWayToHell

« 美帝原来是个文明国家啊 - 超钢之躯 »

https with lighttpd & nginx

By Druggo Yang, Tuesday, June 11 2013. Permalink 计算机

lighttpd:

$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/ca/server.pem"
ssl.ca-file = "/etc/lighttpd/ca/ca.crt"
ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
ssl.honor-cipher-order = "enable"
ssl.disable-client-renegotiation = "enable"
}

nginx:

server {
listen 443 ssl spdy default_server;
server_name druggo.org;
ssl on;
ssl_certificate /etc/nginx/ca/server.pem;
ssl_certificate_key /etc/nginx/ca/server.key;
ssl_protocols        SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers RC4:HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
keepalive_timeout    60;
ssl_session_cache    shared:SSL:10m;
ssl_session_timeout  10m;
}

test your site with ssllab

This post's comments feed

« 美帝原来是个文明国家啊 - 超钢之躯 »

To top