HostOnNet Blog

Nginx SSL SslLabs A Rating

On an Ubuntu server running nginx, SSL Labs gives a B rating for a newly installed SSL certificate, with a warning related to Diffie-Hellman.

To fix this, run

openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096

Edit nginx.conf and add the following inside the http block.

ssl_dhparam /etc/ssl/certs/dhparam.pem;

Example

root@localhost:/etc/nginx# cat nginx.conf 
user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
	worker_connections 768;
	# multi_accept on;
}

http {

	##
	# Basic Settings
	##

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;
	# server_tokens off;

	# server_names_hash_bucket_size 64;
	# server_name_in_redirect off;
	ssl_dhparam /etc/ssl/certs/dhparam.pem;
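To confirm the change took effect, the check below finds the active ssl_dhparam directive in an nginx config and reports the size of the DH prime in the file it names. It is an added example, not part of the original post: the function names and the 2048-bit minimum are assumptions, and the sample PEM it can build is constructed test input, not real DH parameters.

```python
import base64
import re

MIN_BITS = 2048  # assumed policy threshold, not a value from the post

def _der_len(buf, i):
    """Decode a DER length starting at buf[i]; return (length, index after it)."""
    if buf[i] < 0x80:
        return buf[i], i + 1
    n = buf[i] & 0x7F
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def dh_modulus_bits(pem_text):
    """Bit length of the prime p in a PEM 'DH PARAMETERS' block."""
    m = re.search(r"-----BEGIN DH PARAMETERS-----(.*?)-----END DH PARAMETERS-----",
                  pem_text, re.S)
    if not m:
        raise ValueError("no DH PARAMETERS block")
    der = base64.b64decode("".join(m.group(1).split()))
    _, i = _der_len(der, 1)            # skip the SEQUENCE header
    if der[0] != 0x30 or der[i] != 0x02:
        raise ValueError("not SEQUENCE { INTEGER p, ... }")
    n, i = _der_len(der, i + 1)        # the first INTEGER is p
    return int.from_bytes(der[i:i + n], "big").bit_length()

def find_ssl_dhparam(conf_text):
    """Paths from ssl_dhparam directives, ignoring '#' comments."""
    active = "\n".join(l.split("#", 1)[0] for l in conf_text.splitlines())
    return [p.strip() for p in re.findall(r"\bssl_dhparam\s+([^;]+);", active)]

def audit(conf_text, read_file, min_bits=MIN_BITS):
    """Return (path, bits, ok) for every ssl_dhparam file the config names."""
    return [(p, b, b >= min_bits)
            for p in find_ssl_dhparam(conf_text)
            for b in [dh_modulus_bits(read_file(p))]]

def _tlv(tag, body):
    """Minimal DER encoder, used only to build the constructed sample below."""
    n = len(body)
    k = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return bytes([tag]) + head + body

def make_sample_pem(bits):
    """Constructed input: p is an odd number of the right size, NOT a real safe prime."""
    p = (1 << (bits - 1)) | 1
    der = _tlv(0x30, _tlv(0x02, p.to_bytes(bits // 8 + 1, "big")) + _tlv(0x02, b"\x02"))
    return ("-----BEGIN DH PARAMETERS-----\n" + base64.encodebytes(der).decode()
            + "-----END DH PARAMETERS-----\n")
```

On a server, pass the text of nginx.conf as conf_text and a function that reads a file path as read_file; any entry whose third field is False points at a parameter file that needs regenerating.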
