gvasalt/roots/webserver/nginx-ssl.conf

# Default TLS settings
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers kEECDH+AESGCM:kEECDH+AES:kEECDH:EDH+AESGCM:kEDH+AES:kEDH:AESGCM:ALL:!LOW:!EXP:!MD5:!aNULL:!eNULL:!RC4:!DSS;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;

ssl_dhparam {{ salt['pillar.get']('nginx:sslcertdir') }}/dhparams.pem;

# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;

# use Google's DNS
resolver 8.8.8.8;
resolver_timeout 5s;
setup default nginx ssl/security configuration for vagrant 2015-10-04 19:32:42 +02:00			`# Default TLS settings`
			`ssl_protocols TLSv1 TLSv1.1 TLSv1.2;`
			`ssl_ciphers kEECDH+AESGCM:kEECDH+AES:kEECDH:EDH+AESGCM:kEDH+AES:kEDH:AESGCM:ALL:!LOW:!EXP:!MD5:!aNULL:!eNULL:!RC4:!DSS;`
			`ssl_prefer_server_ciphers on;`
			`ssl_session_cache shared:SSL:10m;`

			`ssl_dhparam {{ salt['pillar.get']('nginx:sslcertdir') }}/dhparams.pem;`

			`# OCSP stapling`
			`ssl_stapling on;`
			`ssl_stapling_verify on;`

			`# use Google's DNS`
			`resolver 8.8.8.8;`
			`resolver_timeout 5s;`