- Plesk 12.5 for Linux
SSLLabs checker evaluates domains with A- or A score instead of A+ , Forward Secrecy is not supported. How to improve it?
configuration as follows:
# cat /etc/nginx/conf.d/ssl.conf
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
directive defines how much time browsers should keep security data for a site.
equals to 1 year.
applies these settings to all subdomains, but in this case, make sure that all subdomains have trusted certificates. If not, remove
directive is as follows:
add_header Strict-Transport-Security "max-age=31536000;";