From 394dbeb5d7614c352871f5c52628f5f02404ea16 Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Sat, 13 Sep 2014 15:09:29 +0100
Subject: [PATCH] Strict transport security off
---
 beaglebone.txt | 24 ++++++++++++++++++------
 1 file changed, 18 insertions(+), 6 deletions(-)
diff --git a/beaglebone.txt b/beaglebone.txt
index 8f4a9429..003e58dc 100644
--- a/beaglebone.txt
+++ b/beaglebone.txt
@@ -2546,7 +2546,10 @@ server {
 ssl_prefer_server_ciphers on;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # not possible to do exclusive
 ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA';
- add_header Strict-Transport-Security max-age=15768000; # six months
+ add_header Strict-Transport-Security "max-age=0;";
+ # Only uncomment one of the Strict-Transport-Security entries if you are
+ # not using a self-signed certificate
+ # add_header Strict-Transport-Security max-age=15768000; # six months
 # use this only if all subdomains support HTTPS!
 # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
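Review bot: The added comment tells the operator to uncomment one of the six-month entries but never says to disable the `max-age=0` line above them, and that omission changes the outcome. nginx emits every `add_header` declared at the same level, so both Strict-Transport-Security headers would be sent, and RFC 6797 has the browser process only the first one, which is `max-age=0`, leaving HSTS off. I would reword the comment to `# HSTS is switched off (max-age=0) for self-signed certificates. With a CA-signed certificate,` followed by `# comment out the max-age=0 line and uncomment exactly one of the entries below`. The same comment is added in the hunks at -4987, -5527 and -7212, and the enclosing server block starts and ends outside each hunk.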
@@ -4987,9 +4990,12 @@ server {
 ssl_prefer_server_ciphers on;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # not possible to do exclusive
 ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA';
- #add_header Strict-Transport-Security max-age=15768000; # six months
+ add_header Strict-Transport-Security "max-age=0;";
+ # Only uncomment one of the Strict-Transport-Security entries if you are
+ # not using a self-signed certificate
+ # add_header Strict-Transport-Security max-age=15768000; # six months
 # use this only if all subdomains support HTTPS!
- add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
+ # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
 client_max_body_size 6m;
@@ -5527,7 +5533,10 @@ server {
 ssl_prefer_server_ciphers on;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # not possible to do exclusive
 ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA';
- add_header Strict-Transport-Security max-age=15768000; # six months
+ add_header Strict-Transport-Security "max-age=0;";
+ # Only uncomment one of the Strict-Transport-Security entries if you are
+ # not using a self-signed certificate
+ # add_header Strict-Transport-Security max-age=15768000; # six months
 # use this only if all subdomains support HTTPS!
 # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
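Review bot: The `max-age=0` line in the block at -4987 needs a comment saying that it actively clears stored policy rather than merely omitting the header. This block, like the one at -7212, previously sent the six-month `includeSubDomains` header. Per RFC 6797, a browser that cached that policy stops treating the host as an HSTS host on its next visit, so subdomains that relied on it lose the forced HTTPS upgrade as well. Proposed comment above the line: `# max-age=0 makes browsers forget any HSTS policy stored for this host, including includeSubDomains`. The server block starts and ends outside the hunk.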
@@ -7212,9 +7221,12 @@ server {
 ssl_prefer_server_ciphers on;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # not possible to do exclusive
 ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA';
- #add_header Strict-Transport-Security max-age=15768000; # six months
+ add_header Strict-Transport-Security "max-age=0;";
+ # Only uncomment one of the Strict-Transport-Security entries if you are
+ # not using a self-signed certificate
+ # add_header Strict-Transport-Security max-age=15768000; # six months
 # use this only if all subdomains support HTTPS!
- add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
+ # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
 client_max_body_size 6m;