- Plesk 12.5 for Linux
SSL Labs checker evaluates domains with A- or A score instead of A+ , Forward Secrecy is not supported. How to improve it?
Connect to the server via SSH.
/etc/nginx/conf.d/ssl.confconfiguration as follows:
# cat /etc/nginx/conf.d/ssl.conf
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
add_headerdirective defines how much time browsers should keep security data for a site. 'max-age=31536000' equals to 1 year. 'includeSubDomains' applies these settings to all subdomains, but in this case, make sure that all subdomains have trusted certificates. If not, remove 'includeSubDomains' so that 'add_header' directive is as follows:
CONFIG_TEXT: add_header Strict-Transport-Security "max-age=31536000;";
Restart nginx service:
# service nginx restart