nginx: Update SSL settings

Include link to mozilla's config generator (looks like the settings came from there) and update ssl_session_* settings to their current recommendation. Signed-off-by: Florian Pritz <bluewind@xinu.at>

nginx: Update SSL settings
45dae089 · Florian Pritz · 1d21532b · 45dae089
Verified Commit 45dae089 authored 8 years ago by Florian Pritz
--- a/roles/nginx/templates/sslsettings.conf
+++ b/roles/nginx/templates/sslsettings.conf
+# https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.10.1&openssl=1.0.2&hsts=yes&profile=modern
 ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
 ssl_protocols TLSv1.2;
 ssl_prefer_server_ciphers on;
 ssl_dhparam /etc/ssl/dhparams.pem;
-ssl_session_timeout  5m;
-ssl_session_cache    shared:SSL:10m;
+ssl_session_timeout 1d;
-ssl_stapling        on;
+ssl_session_cache shared:SSL:50m;
+ssl_session_tickets off;
+ssl_stapling on;
 ssl_stapling_verify on;
 add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";