Mozilla SSL Configuration Generator<\/a>“.
\nThis is outputted a ssl.conf to fit each environment. For example, Nginx, set of modern and SSL 1.01e version. etc..<\/p>\nSecond, about a ssl_ciphers.
\nApparently ECDHE-RSA-AES128-GCM-SHA256 is newer.
\nBecause<\/p>\n
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK;<\/pre>\nPriority is high that it is written to the left.
\nIf you use a generator, it would include “DHE-RSA-AES128-GCM-SHA256”, but I have removed it. so that, so that, also, I didn’t create a dhparam.<\/p>\n
Third, about an OCSP Stapling.
\nThis is needed root CA certificate.
\nlike this.<\/p>\n
\n-----BEGIN CERTIFICATE-----\nRoot CA Certificate\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nIntermediate Certificate\n-----END CERTIFICATE-----\n<\/pre>\n\nssl.conf\n # OCSP Stapling ---\n # fetch OCSP records from URL in ssl_certificate and cache them\n ssl_stapling on;\n ssl_stapling_verify on;\n ssl_trusted_certificate ca-certs.pem;\n<\/pre>\nThat’s it.<\/p>\n
![\"sslshot\"](\"https:\/\/www.vincentina.net\/wp-content\/uploads\/2015\/12\/sslshot.png\")
<\/a><\/p>\nHow was it.
\nHave a good day!<\/p>\n
These are references.<\/p>\n
My Library
\nhttp:\/\/blog.mylibs.jp\/archives\/181<\/p>\n
![\"sslreport\"](\"https:\/\/www.vincentina.net\/wp-content\/uploads\/2015\/12\/sslreport.png\")
<\/a><\/p>\n