Nginx - SSL - This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B
Материал из Wiki - Iphoster - the best ever hosting and support. 2005 - 2025
Nginx - SSL - This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B
как исправить ошибку при проверке ssl на сайте:
This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B
генерируем более сильный DHE параметр:
# cd /etc/nginx/ # openssl dhparam -out dhparam.pem 4096
и добавляем в конфиг nginx - использование DHE key-exchange:
# vi /etc/nginx/nginx.conf: http { .... ssl_dhparam /etc/nginx/dhparam.pem; add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; add_header X-Frame-Options "DENY"; ssl_session_cache builtin:1000 shared:SSL:10m; ..... }