Nginx

From SchnallIchNet

Some nginx hints


SSL stuff

hardening SSL

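Post-Snowden SSL hardening:

ssl_prefer_server_ciphers on;
# SSLv3 is left out: it is broken by POODLE and deprecated by RFC 7568.
# TLSv1 and TLSv1.1 are deprecated as well (RFC 8996); drop them if your clients allow.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;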


PFS

cd /path/to/your/certs/
openssl dhparam -out dhparam.pem 2048

Then reference the generated file in the nginx config:

ssl_dhparam /path/to/your/certs/dhparam.pem;


HSTS

HTTP Strict Transport Security.
If possible, run HTTPS-only pages.
In the post-Snowden age this should be done, so add to your port-80 vhost:

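server {
   [...]
   # Browsers honour this header only on HTTPS responses (RFC 6797),
   # so set it in the port-443 vhost as well.
   add_header Strict-Transport-Security max-age=15768000;
   return 301 https://www.traumartig.de$request_uri;
   [...]
}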
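
How the fragments on this page fit together, as an added example that is not part of the original page: the port-80 vhost only redirects, and the HTTPS vhost carries the TLS settings and the HSTS header, since browsers ignore Strict-Transport-Security received over plain HTTP. The certificate file names and the document root are placeholders, and the protocol list assumes every client speaks TLS 1.2.

```nginx
# Port-80 vhost: serves no content, only the redirect to HTTPS.
server {
    listen 80;
    server_name www.traumartig.de;
    return 301 https://www.traumartig.de$request_uri;
}

# HTTPS vhost: TLS settings from this page plus the HSTS header.
server {
    listen 443 ssl;
    server_name www.traumartig.de;

    # Placeholder file names (assumption), in the directory used on this page.
    ssl_certificate     /path/to/your/certs/example.crt;
    ssl_certificate_key /path/to/your/certs/example.key;

    # Assumption: all clients speak TLS 1.2. SSLv3 (POODLE) and the
    # deprecated TLS 1.0/1.1 are not offered.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    # Cipher string taken unchanged from the hardening section of this page.
    ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;

    # DH parameters generated with "openssl dhparam" in the PFS section.
    ssl_dhparam /path/to/your/certs/dhparam.pem;

    # "always" (nginx 1.7.5+) also sends the header on error responses.
    add_header Strict-Transport-Security "max-age=15768000" always;

    # add_header is inherited from this level only while a location block
    # defines no add_header of its own; if it does, repeat the HSTS line there.
    location / {
        root /var/www/html;   # placeholder document root (assumption)
    }
}
```

Check the result with `nginx -t` before reloading.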


SSL test

Test your SSL implementation here:

  1. SSL-Server-Test
  2. SSL-Client/Browser-Test