Nginx - SSL - This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B



How to fix this error, reported when checking a site's SSL configuration:

This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B


[Screenshot: Grade to B1.png]

Generate stronger DHE parameters:

# cd /etc/nginx/
# openssl dhparam -out dhparam.pem 4096


Then add them to the nginx config so they are used for DHE key exchange:

# vi /etc/nginx/nginx.conf
http {
....
ssl_dhparam /etc/nginx/dhparam.pem;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
add_header X-Frame-Options "DENY";
ssl_session_cache builtin:1000 shared:SSL:10m;
.....
}



Result:
[Screenshot: All is a+.png]
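
To confirm the change locally before re-running the scan, the following added example (not part of the original page) reads an nginx config, finds each file named by ssl_dhparam, and reports its size using the openssl CLI. The 2048-bit minimum and all function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the DH parameter files an nginx config points at.
MIN_DH_BITS=2048   # assumption: sizes below this are reported as weak

# Print each file named by an ssl_dhparam directive, ignoring comments.
dhparam_paths() {
    sed -e 's/#.*//' "$1" |
        awk '$1 == "ssl_dhparam" { sub(/;.*/, "", $2); print $2 }'
}

# Read `openssl dhparam -text` output on stdin and print the size,
# e.g. "    DH Parameters: (4096 bit)" gives 4096.
dh_bits_from_text() {
    sed -n 's/.*Parameters: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Print OK, WEAK or UNKNOWN for a bit size; non-zero status unless OK.
classify_bits() {
    case "$1" in
        ''|*[!0-9]*) echo "UNKNOWN"; return 2 ;;
    esac
    if [ "$1" -ge "$MIN_DH_BITS" ]; then
        echo "OK"
    else
        echo "WEAK"; return 1
    fi
}

# Audit one config file. Fails if any file is weak or unreadable, or if
# no ssl_dhparam directive is present at all.
audit_nginx_dh() {
    a_rc=0; a_found=0
    for a_path in $(dhparam_paths "$1"); do
        a_found=1
        a_bits=$(openssl dhparam -in "$a_path" -text -noout 2>/dev/null |
                 dh_bits_from_text)
        a_status=$(classify_bits "$a_bits") || a_rc=1
        echo "$a_path: ${a_bits:-?} bit: $a_status"
    done
    if [ "$a_found" -eq 0 ]; then
        echo "$1: no ssl_dhparam directive found"; a_rc=1
    fi
    return "$a_rc"
}

# Usage: sh audit_dh.sh /etc/nginx/nginx.conf
if [ "$#" -gt 0 ]; then audit_nginx_dh "$1"; fi
```

Files pulled in with include are not followed, so run it on every config file that may set ssl_dhparam.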
