add support for ssl_dhparams to prevent 'Logjam' attack

2015-05-21 15:19:58 +08:00 · 2015-05-21 15:19:58 +08:00 · a10d1b50bf
parent 2b270c9353
commit a10d1b50bf
1 changed files with 4 additions and 0 deletions
--- a/nginx.tmpl
+++ b/nginx.tmpl
@ -105,6 +105,10 @@ server {
 	ssl_certificate /etc/nginx/certs/{{ (printf "%s.crt" $cert) }};
 	ssl_certificate_key /etc/nginx/certs/{{ (printf "%s.key" $cert) }};

+    {{ if (exists (printf "/etc/nginx/certs/%s.dhparams.pem" $cert)) }}
+    ssl_dhparam {{ printf "/etc/nginx/certs/%s.dhparams.pem" $cert }};
+    {{ end }}
+
 	add_header Strict-Transport-Security "max-age=31536000";

 	{{ if (exists (printf "/etc/nginx/vhost.d/%s" $host)) }}