Category Archives: nginx

Increase SSL and TLS security on nginx and Apache by enabling PFS and HSTS

The default configuration of SSL is fine on most Linux distributions (you will get an A-Rating at SSL Labs), but still could be done a lot better and more secure. Goals we want to achieve: Enable Perfect Forward Secrecy (PFS) Enable HTTP Strict Transport Security (HSTS) Disable SSLv2 and SSLv3 PCI¬†compliant FIPS-ready¬†(optional) Don’t break IE… NOTE: the configuration below will … Continue reading

Posted in Apache, CentOS, Linux, nginx, Security | Tagged , , , , , , , , | 3 Comments