How to get an A+ Rating with 100% score on the SSLLabs Test with NGINX

It can be a challange to get an A+ rating on a SSLLabs test, but i have done a configuration below that you are welcome to steal.

listen   443;

        ssl    on;
        ssl_prefer_server_ciphers on;
        ssl_session_cache    shared:SSL:50m;
        ssl_session_timeout  10m;
        ssl_dhparam /etc/nginx/ssl/dhparam.pem;
        add_header Strict-Transport-Security "max-age=31536000";
        ssl_certificate    /etc/nginx/ssl/;
        ssl_protocols       TLSv1.1 TLSv1.2;
        ssl_ecdh_curve secp384r1;
        ssl_certificate_key    /etc/nginx/ssl/;

My pem file is just a text file containing the signed certificate and a SSL bundle.

To generate your dhparam.pem file, run in the terminal

openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048

Leave a Reply

Your email address will not be published. Required fields are marked *

− 3 = 7