nginx SSL best practice including PFS and OCSP

nginx enables many additional features over Apache’s httpd server, which allows a much more secure SSL configuration, enabling features such as Perfect Forward Secrecy (PFS) which cannot be enabled using default Apache installs from repository.

Below is a guide on how to enable a very secure SSL configuration for your nginx server, including using Diffie–Hellman for key exchange, enabling Online Certificate Status Protocol (OCSP) features and making use of higher security ciphers and protocols only.

Continue reading “nginx SSL best practice including PFS and OCSP”