Updated SSL cipher for support with HTTP2

Author: gau1991

nginx/debian/changelog

@@ -1,3 +1,9 @@
+nginx (1.8.0-9ppa) stable; urgency=high
+
+ * Improved SSL Cipher for better security and support with HTTP2
+
+ -- rtCamp <sys@rtcamp.com> Tue, 5 Jan 2016 16:49:16 +0530
+
 nginx (1.8.0-8ppa) stable; urgency=high
 
  * Added memc-nginx-module into nginx-custom package

nginx/debian/conf/nginx.conf

@@ -12,7 +12,7 @@ http {
 ##
 # EasyEngine Settings
 ##
-
+
 sendfile on;
 tcp_nopush on;
 tcp_nodelay on;
@@ -34,15 +34,15 @@ http {
 
 fastcgi_read_timeout 300;
 client_max_body_size 100m;
-
+
 ##
 # SSL Settings
 ##
-
+
 ssl_session_cache shared:SSL:20m;
 ssl_session_timeout 10m;
 ssl_prefer_server_ciphers on;
-ssl_ciphers HIGH:!aNULL:!MD5:!kEDH;
+ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 
 ##
@@ -109,17 +109,17 @@ http {
 #mail {
 #	# See sample authentication script at:
 #	# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
-# 
+#
 #	# auth_http localhost/auth.php;
 #	# pop3_capabilities "TOP" "USER";
 #	# imap_capabilities "IMAP4rev1" "UIDPLUS";
-# 
+#
 #	server {
 #	listen localhost:110;
 #	protocol pop3;
 #	proxy on;
 #	}
-# 
+#
 #	server {
 #	listen localhost:143;
 #	protocol imap;