Mercurial > hg > nginx-quic
annotate conf/fastcgi.conf @ 6554:1aa9650a8154
SSL: removed default DH parameters.
Using the same DH parameters on multiple servers is believed to be subject
to precomputation attacks, see http://weakdh.org/. Additionally, 1024 bits
are not enough in the modern world as well. Let users provide their own
DH parameters with the ssl_dhparam directive if they want to use EDH ciphers.
Note that SSL_CTX_set_dh_auto() as provided by OpenSSL 1.1.0 uses fixed
DH parameters from RFC 5114 and RFC 3526, and therefore subject to the same
precomputation attacks. We avoid using it as well.
This change also fixes compilation with OpenSSL 1.1.0-pre5 (aka Beta 2),
as OpenSSL developers changed their policy after releasing Beta 1 and
broke API once again by making the DH struct opaque (see ticket #860).
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 19 May 2016 14:46:32 +0300 |
parents | 62869a9b2e7d |
children |
rev | line source |
---|---|
537 | 1 |
3383 | 2 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; |
537 | 3 fastcgi_param QUERY_STRING $query_string; |
4 fastcgi_param REQUEST_METHOD $request_method; | |
5 fastcgi_param CONTENT_TYPE $content_type; | |
6 fastcgi_param CONTENT_LENGTH $content_length; | |
7 | |
8 fastcgi_param SCRIPT_NAME $fastcgi_script_name; | |
9 fastcgi_param REQUEST_URI $request_uri; | |
10 fastcgi_param DOCUMENT_URI $document_uri; | |
11 fastcgi_param DOCUMENT_ROOT $document_root; | |
12 fastcgi_param SERVER_PROTOCOL $server_protocol; | |
6168
62869a9b2e7d
Added the REQUEST_SCHEME parameter.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4379
diff
changeset
|
13 fastcgi_param REQUEST_SCHEME $scheme; |
4379
4e2551a83291
Added the HTTPS fastcgi_param to fastcgi.conf.
Valentin Bartenev <vbart@nginx.com>
parents:
3383
diff
changeset
|
14 fastcgi_param HTTPS $https if_not_empty; |
537 | 15 |
16 fastcgi_param GATEWAY_INTERFACE CGI/1.1; | |
1330 | 17 fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; |
537 | 18 |
19 fastcgi_param REMOTE_ADDR $remote_addr; | |
20 fastcgi_param REMOTE_PORT $remote_port; | |
21 fastcgi_param SERVER_ADDR $server_addr; | |
22 fastcgi_param SERVER_PORT $server_port; | |
23 fastcgi_param SERVER_NAME $server_name; | |
24 | |
25 # PHP only, required if PHP was built with --enable-force-cgi-redirect | |
26 fastcgi_param REDIRECT_STATUS 200; |