ECDH only

Disable DHE ciphers. We don't loose any compatibility as we already use TLS 1.2, and ECDH is faster and safer. Also, it's better so specify the curve. This is the conf I use here : https://tls.imirhil.fr/https/mstdn.io
author: Angristan <stanislas.lange@protonmail.com> 2017-04-05 10:44:08 +0200
committer: GitHub <noreply@github.com> 2017-04-05 10:44:08 +0200
commit: 5dbcd92193f45d71629e261cc264725d59f2ea6c (patch)
tree: 5f0d0efadeccaa77d0124095bdcccd9fc9194444
parent: 792389da38145e6591f58c725b37965679ee4531 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/docs/Running-Mastodon/Production-guide.md b/docs/Running-Mastodon/Production-guide.md
index d539ddf64..3912fd2ba 100644
--- a/docs/Running-Mastodon/Production-guide.md
+++ b/docs/Running-Mastodon/Production-guide.md
@@ -23,7 +23,8 @@ server {
   server_name example.com;
 
   ssl_protocols TLSv1.2;
-  ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+  ssl_ciphers EECDH+AESGCM:EECDH+AES;
+  ssl_ecdh_curve secp384r1;
   ssl_prefer_server_ciphers on;
   ssl_session_cache shared:SSL:10m;
author	Angristan <stanislas.lange@protonmail.com>	2017-04-05 10:44:08 +0200
committer	GitHub <noreply@github.com>	2017-04-05 10:44:08 +0200
commit	5dbcd92193f45d71629e261cc264725d59f2ea6c (patch)
tree	5f0d0efadeccaa77d0124095bdcccd9fc9194444
parent	792389da38145e6591f58c725b37965679ee4531 (diff)