Some tweaks to the TLS crypto in nginx

So after a bit of playing about, I figured out why I was “only” getting an A grade on the SSL Labs test for this domain, despite it being on the HSTS preload list 🙂

Turns out it was a simple change to the HSTS header:

add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"

to include the “includeSubDomains; preload” part, which is required to get the A+ result on SSL Labs.

Tagged with: , ,

Leave a Reply

Your email address will not be published. Required fields are marked *