Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

--- nginx [2024-02-17 00:27:46] – manfred
+++ nginx [2024-07-27 22:34:48] (aktuell) – [SSL/TLS] david
@@ Zeile 459: / Zeile 459: @@
 === SSL/TLS ===
+siehe [[letsencrypt#mit_hook|letsencrypt (mit hook)]]
 <code nginx /etc/nginx/snippets/ssl.conf>
@@ Zeile 470: / Zeile 472: @@
 ssl_certificate_key     /etc/letsencrypt/live/rsa-EXAMPLE.COM/privkey.pem;
-# SSL Labs (Cipher Strength): min. AES-256 equivalent for 100% grade (TLS 1.3 requires a AES-128 cipher)
+# SSL Labs (Cipher Strength): min. AES-256 equivalent for 100% grade (TLS 1.3 requires a AES-128 cipher tho)
 ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
 ssl_conf_command Ciphersuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256;
@@ Zeile 497: / Zeile 499: @@
 # verify chain of trust of OCSP response using root ca and intermediate certs
-# disabled since only one directive is supported even though multiple certs are used
+# combine to one file as this directive can only be specified once
-#ssl_trusted_certificate /etc/letsencrypt/live/ecdsa-EXAMPLE.COM/chain.pem;
+# cat /etc/letsencrypt/live/*/chain.pem > /etc/letsencrypt/live/chain.pem
-#ssl_trusted_certificate /etc/letsencrypt/live/rsa-EXAMPLE.COM/chain.pem;
+ssl_trusted_certificate /etc/letsencrypt/live/chain.pem;
 </code>