https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html is a pretty decent write-up.
IME, you need to present an HSTS header, otherwise an A+ is never awarded even with the strictest cipher suite and largest keys and DH primes. To be frank though, achieving an A+ is not a very very worthwhile goal; yes, setting up strong crypto is _very_ important, but what's more important is understanding what you're configuring and why, not just reading a guidebook.

May I also offer another tool for checking TLS configs: https://github.com/rbsec/sslscan, if only to have another source for verifying TLS configs (IMO, relying exclusively on one single opinion, e.g. Qualys, as THE authoritative source of truth for a 'proper' secure config is dangerous).

On Fri, Nov 4, 2016 at 2:20 PM, Alex Samad <a...@samad.com.au> wrote:
> Hi
>
> Anyone got a write-up on how to get an A+ from this site?
>
> I can get an A and I have to support tls1.0 which might be dragging me down!
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
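The HSTS header mentioned in the reply, as an added nginx example that is not part of the original message or of the linked write-up. It also shows the `add_header` inheritance rule that commonly makes the header disappear on some paths. The host name, file paths, location names and the `max-age` value are placeholders chosen for illustration, and TLS 1.0 is left enabled only because the original poster has to support it.

```nginx
# Added example; host name, paths and max-age are placeholders, not values from the thread.
server {
    listen 80;
    server_name www.example.com;
    # HSTS is only honoured over HTTPS, so plain HTTP just redirects.
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name www.example.com;

    ssl_certificate     /etc/nginx/tls/example.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/example.key;   # placeholder path

    # TLS 1.0 stays enabled because the original poster has to support it.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    # "always" (nginx 1.7.5+) sends the header on error responses too;
    # without it add_header only applies to a fixed set of 2xx/3xx codes.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        root /var/www/html;   # inherits the server-level HSTS header
    }

    # Weak: add_header is inherited from the enclosing level only when the
    # current level defines no add_header of its own, so this location
    # silently drops Strict-Transport-Security.
    location /static-weak/ {
        root /var/www/html;
        add_header Cache-Control "public, max-age=3600";
    }

    # Corrected: repeat the HSTS header next to the location's own header.
    location /static/ {
        root /var/www/html;
        add_header Cache-Control "public, max-age=3600";
        add_header Strict-Transport-Security "max-age=31536000" always;
    }
}
```

After reloading, check the response headers of every location and of an error page, since a scanner that only requests `/` will not notice a path that has lost the header.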