Easy Engine: Upgrading SSL Security

SSL Labs has capped my security rating at a B because of the Diffie-Hellman Key Exchange.

ssl-labs-b-rating-diffie-hellman-key-exchange

After a bit of Googling and some frustration, I came across ScaleScale.com’s article on how to fix this.

Hardening Nginx SSL/TSL Configuration

Since we’re using Easy Engine, Steps 1 and 2 can be skipped as this has already been configured. However, step 3 has not been done.   Run the following command:

Then edit the nginx.conf file in /etc/nginx/nginx.conf and add the following line into the HTTP block:

After you save the nginx.connf file, text the Nginx config:

If all is well, go ahead and restart Nginx so the new configuration will take affect.

Tada! Grade A on SSL Labs now.

ssl-labs-grade-a-steven-kohlmeyer-dot-com

Also a useful site for encryption ciphers for servers I found today is: https://cipherli.st/

Leave a Reply