From ee41383f6108ac841e1b253322b623034849a524 Mon Sep 17 00:00:00 2001
From: Holger Weiss <holger@zedat.fu-berlin.de>
Date: Wed, 16 Sep 2015 15:23:44 +0200
Subject: Use custom DH parameters and limit TLS ciphers


diff --git a/etc/nginx.conf b/etc/nginx.conf
index 431092a..ee815d3 100644
--- a/etc/nginx.conf
+++ b/etc/nginx.conf
@@ -10,6 +10,12 @@
 #
 
 #
+# TLS configuration.
+#
+ssl_ciphers HIGH:!aNULL:!MD5:!3DES:!SSLv2:@STRENGTH;
+ssl_dhparam /home/plugins/etc/ssl/dh-parameters.pem;
+
+#
 # Server definition for <https://www.monitoring-plugins.org/>.
 #
 server {
diff --git a/etc/ssl/dh-parameters.pem b/etc/ssl/dh-parameters.pem
new file mode 100644
index 0000000..959c2b4
--- /dev/null
+++ b/etc/ssl/dh-parameters.pem
@@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEApsZ10FY/BvaU9d3FQ3USOTHn9CYnv4AK0VMfTVkDepP48mjfoXch
+RgQ9X9A54uQuFGnSH5k53mBv57Z6td/fRPzi4SLRvvUuDG9WIN7DHoVUwZIa+Z8o
+MNF+09inX+TCCct04SRO4H4/7tUCvxe7mX9dBX8wENmSERHerHhTFqFuelJjn5Wc
+xK7W6hCaFwVW9xvBa6MLR5VqvVftQVfIEoEnEEUjhXZeqF+rnMCpAGxdyoe7XL/I
+cfiuTratQ5NX9o10l7TTTQtbxJgf7oqRT4hDPUCqjNHoaBdgNsPuqGYwSX7EWxOy
+Z8n+GzWWmKenpUyOiT+3fPVHTy5AaNT+ewIBAg==
+-----END DH PARAMETERS-----
-- 
cgit v0.10-9-g596f