]> cat aescling's git repositories - mastodon.git/commitdiff
cat aescling's git repositories / mastodon.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 792389d)
ECDH only
authorAngristan <stanislas.lange@protonmail.com>
Wed, 5 Apr 2017 08:44:08 +0000 (10:44 +0200)
committerGitHub <noreply@github.com>
Wed, 5 Apr 2017 08:44:08 +0000 (10:44 +0200)
Disable DHE ciphers. We don't loose any compatibility as we already use TLS 1.2, and ECDH is faster and safer.
Also, it's better so specify the curve.

This is the conf I use here : https://tls.imirhil.fr/https/mstdn.io

docs/Running-Mastodon/Production-guide.md patch | blob | history

diff --git a/docs/Running-Mastodon/Production-guide.md b/docs/Running-Mastodon/Production-guide.md
index d539ddf64441a8a6b03e96a58b3dd797ba2a1f26..3912fd2ba71dfa46a9ece2725d4257076c067a07 100644 (file)
--- a/docs/Running-Mastodon/Production-guide.md
+++ b/docs/Running-Mastodon/Production-guide.md
@@ -23,7 +23,8 @@ server {
   server_name example.com;
 
   ssl_protocols TLSv1.2;
-  ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+  ssl_ciphers EECDH+AESGCM:EECDH+AES;
+  ssl_ecdh_curve secp384r1;
   ssl_prefer_server_ciphers on;
   ssl_session_cache shared:SSL:10m;
 
source code fur Kibicat Mastodon