From 1d7a326ec6e37cfabaa2d86e1a88ba6cea282b16 Mon Sep 17 00:00:00 2001
From: JoeChapman <joseph.philip.chapman@gmail.com>
Date: Thu, 26 Jan 2017 20:06:38 +0000
Subject: [PATCH] Use secure ciphers and TLS protocols where supported

---
 nginx.conf | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/nginx.conf b/nginx.conf
index 35e8894..4f162f4 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -161,6 +161,14 @@ http {
     }
     server {
       listen 10088;
+      // When choosing a cipher during an SSLv3 or TLSv1 handshake, normally the client's preference is used.
+      // If this directive is enabled, the server's preference will be used instead
+      ssl_prefer_server_ciphers on;
+      // enable the shared session cache to help reduce the processor load
+      ssl_session_cache shared:SSL:10m;
+      ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+      // The recommended cipher suite for backwards compatibility (IE6/WinXP):
+      ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
       location /nginx_status {
         stub_status on;
         access_log   off;