https://www.ssllabs.com/ssltest/analyze.html - B rating per default #535
Comments
This sounds like a good idea, and I started to implement a pull request for it, but then it occurred to me that if we generate The question I have is, "is it any less secure to generate a
I've added a branch
Hmm .. I'm also not that much of an SSL expert. But the idea to have a "default" pre-generated file and then use your own from There should be a place where this is documented for the end-user (like, please replace the default generated dhparam.pem file with your own. You can use this command: ....). I only stumbled over this problem after checking my new https site based on this nice solution. And I found it easy to get an A+ rating with this simple "replacement". But I'm with you that a generation or startup of minutes because of generating such a file is not a good solution.
Some additional problems:
And on handshake simulation:
Got
Weird, I don't know why HSTS would have failed, and I believe session caching is enabled by default.
When using SSL Support and
It would be nice if the default nginx.conf can contain the line
ssl_dhparam /etc/nginx/certs/dhparam.pem;
inside the
http {
tag.
You can create the default dhparam file with
openssl dhparam -out dhparam.pem 2048
The problem is that the default length is 1024, which causes the B rating. With a 2048 pem file, an A+ rating can be obtained.
No need to do this for every proxied container