Ssl

exemplo de ssl.conf

ssl_dhparam    /etc/nginx/conf.d/dhparams.pem;

ssl_protocols TLSv1.2 TLSv1.3;

# seguro e restrito
#ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-CCM:ECDHE-ECDSA-AES256-CCM8;

# um pouco mais macio, porém seguro
ssl_ciphers TLS_AES_128_CCM_SHA256:ECDHE-ECDSA-AES128-CCM:ECDHE-ECDSA-AES128-CCM8:ECDHE-ECDSA-AES256-CCM:ECDHE-ECDSA-AES256-CCM8:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305;

ssl_prefer_server_ciphers on;

# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;

ssl_ecdh_curve secp521r1:secp384r1;

ssl_trusted_certificate /etc/letsencrypt/live/bolha.us/chain.pem;

ssl_session_cache shared:SSL:10m;
ssl_buffer_size 8k;
ssl_session_timeout 1d;
ssl_session_tickets off;