Set Server Side TLS to "modern"

Understood that modifiction in MiaB is not recommended and overwritten after each update. Understand also that due to compatibility issues, MiaB uses mozillas default/moderate TLS configuration. However, can someone tell me what file (and its location) I have to change to enter the modern settings?

The link you have provided is your best starting point:

This is what you have now in /etc/nginx/conf.d/ssl.conf :

# Reference client: htps://
ssl_prefer_server_ciphers on;

# Cut out (the old, broken) SSLv3 entirely.
# This excludes IE6 users and (apparently) Yandexbot.
# Just comment out if you need to support IE6, bless your soul.
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;

Compare with this from your link Nginx v.1.4.6 generator:

# modern configuration. tweak to your needs.
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;

I would go another route - if you would do any modifications: I’d rather uninstall Nginx v.1.4.6 from the default Ubuntu 14 repo and add and install latest stable Nginx v.1.12.2 from Nginx repo - Then you could benefit the latest HTTP2 for speed and also security improvements. You’ll have to use ssl-config-generator for the version you choose to install.

As always this is not supported mod, any update may break your MIAB so test everything on a test VM and then move to production if your mail server is critical for you.

1 Like