One of the benchmarks for configuring an SSL-based site is to achieve an A+ rating using the Qualys Server SSL Test. This is because Qualys has set a stringent set of expected results and minimum standards, designed to ensure that your website is as secure as possible.
Achieving this requires you to disable old protocols and ciphers, much in the way we do for PCI-DSS configurations. In fact, the basic PCI-DSS configuration we tested earlier already achieves an A+ rating. We're going to take it and go a bit further to give the ultimate SSL configuration for NGINX.
Some of these changes can cause backwards compatibility issues with older devices and browsers. Ensure you test it against your intended target audience thoroughly before using it in production.
Before we start, here's what a basic configuration (for example, our Let's Encrypt...
