How To Get A+ Score on Qualys SSL Labs For Nginx Server

How To Get A+ Score on Qualys SSL Labs For Nginx Server

Its long since my last post.
Here’s the optimal configuration for Nginx for getting A+ Score on ssllabs.com
I have tested this working on Ubuntu 14.04.

SSLLABSAPlus

  1. Generate dhparams file with below command
    openssl dhparam -out /etc/nginx/dhparam.pem 2048
  2. Edit your site configuration for eg. ( /etc/nginx/sites-enabled/yourwebsite.com)
  3. ¬†Add / Change your site’s configuration as per below code.
    server {
            listen 443 ssl;
            server_name www.yourwebsite.com;
            ssl on;
            ssl_dhparam /etc/nginx/dhparam.pem;
            ssl_certificate /path/to/your/cert/file;
            ssl_certificate_key /path/to/your/cert/file;
            ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
            ssl_prefer_server_ciphers on;
            ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-  RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4;
            ssl_session_cache shared:TLS:2m;
            ssl_stapling on;
            add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains';
    }
  4. Restart Nginx Server
    service nginx restart

     

Hope this helps !
Feel Free To Reach Me From Contact Page If You Have Any Issues.

 

 

No Comments

Sorry, the comment form is closed at this time.