Nginx - SSL - This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B

Материал из Wiki - Iphoster - the best ever hosting and support. 2005 - 2024
Перейти к:навигация, поиск
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Nginx - SSL - This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B

как исправить ошибку при проверке ssl на сайте:

This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B

Grade to B1.png

генерируем более сильный DHE параметр:

# cd /etc/nginx/
# openssl dhparam -out dhparam.pem 4096

и добавляем в конфиг nginx - использование DHE key-exchange:

# vi /etc/nginx/nginx.conf:
http {
ssl_dhparam /etc/nginx/dhparam.pem;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
add_header X-Frame-Options "DENY";
ssl_session_cache builtin:1000 shared:SSL:10m;

All is a+.png