diff --git a/certs/dh1024.pem b/certs/dh1024.pem
new file mode 100644
index 00000000..ed556fa4
--- /dev/null
+++ b/certs/dh1024.pem
@@ -0,0 +1,5 @@
+-----BEGIN DH PARAMETERS-----
+MIGHAoGBAJK00b6qK/4V0I3957Ms/HEymiq79cjUjGZnf5XIiPcbpmt8RCyj3nCE
+XwcuBQE1UvthNE0kPvF1zxvcVqJD0pBIcqqSgFr0VvD0KXzs9EHuAFPv3SVp30Qx
+6wxps3ipcu2rWcsznrOxlu/qr5QbxUCv9e0TqmJ9uc/+4NzYOGv7AgEC
+-----END DH PARAMETERS-----
diff --git a/certs/dh2048.pem b/certs/dh2048.pem
new file mode 100644
index 00000000..855d55a3
--- /dev/null
+++ b/certs/dh2048.pem
@@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEAkEMnd7CimroxGmWKEWZPWpbJ7YtMyzDciP44YvAudTR/LUXkUTX4
+dheDXjdvqxwX7ma+Y9gokQXZPizbMSswaKIw5ccefLADwP6VZhsMQRagCZGsPLET
+epdhATgU2NhO6RBpfdbqeoG4IgStL4qCbsrRlxuIuFA/D2QVJDTZAZY47vxvTR/I
+19rMA8EIvlI7L0dLlsL1PJDreBvHJOqcKGTDeyTqEwlaMY52VZ4FQ8Z9hCOvgRew
+KK07HS96O8KWT/V5FPb75R8gueQg+fSzDOrrNs2sbRUhgeFf3gMdGAJGS0mpFPpx
+qvrL/jiqqKvvDpTzcO9vF/pVVnwDv0rpuwIBAg==
+-----END DH PARAMETERS-----
diff --git a/domains/badssl.com/index.html b/domains/badssl.com/index.html
index 00af97cb..d0fefb87 100644
--- a/domains/badssl.com/index.html
+++ b/domains/badssl.com/index.html
@@ -159,6 +159,8 @@ subdomain.
preloaded-hsts
dh480 dh512 + dh1024 + dh2048 incomplete-chain rc4-md5
diff --git a/domains/dh1024.badssl.com.conf b/domains/dh1024.badssl.com.conf
new file mode 100644
index 00000000..c26ddb72
--- /dev/null
+++ b/domains/dh1024.badssl.com.conf
@@ -0,0 +1,17 @@
+server {
+ listen 80;
+ server_name dh1024.badssl.com;
+
+ return 301 https://$server_name$request_uri;
+}
+
+server {
+ listen 443;
+ server_name dh1024.badssl.com;
+
+ include /var/www/badssl/nginx-includes/wildcard.normal.conf;
+ include /var/www/badssl/nginx-includes/tls-dh1024.conf;
+ include /var/www/badssl/common/common.conf;
+
+ root /var/www/badssl/domains/dh1024.badssl.com;
+}
diff --git a/domains/dh1024.badssl.com/index.html b/domains/dh1024.badssl.com/index.html
new file mode 100644
index 00000000..2a2a1beb
--- /dev/null
+++ b/domains/dh1024.badssl.com/index.html
@@ -0,0 +1,55 @@ + + + + dh1024.badssl.com + + + + + +

dh1024.badssl.com

+ + +
diff --git a/domains/dh2048.badssl.com.conf b/domains/dh2048.badssl.com.conf
new file mode 100644
index 00000000..aa55a7e4
--- /dev/null
+++ b/domains/dh2048.badssl.com.conf
@@ -0,0 +1,17 @@
+server {
+ listen 80;
+ server_name dh2048.badssl.com;
+
+ return 301 https://$server_name$request_uri;
+}
+
+server {
+ listen 443;
+ server_name dh2048.badssl.com;
+
+ include /var/www/badssl/nginx-includes/wildcard.normal.conf;
+ include /var/www/badssl/nginx-includes/tls-dh2048.conf;
+ include /var/www/badssl/common/common.conf;
+
+ root /var/www/badssl/domains/dh2048.badssl.com;
+}
diff --git a/domains/dh2048.badssl.com/index.html b/domains/dh2048.badssl.com/index.html
new file mode 100644
index 00000000..9a31b7a6
--- /dev/null
+++ b/domains/dh2048.badssl.com/index.html
@@ -0,0 +1,55 @@ + + + + dh2048.badssl.com + + + + + +

dh2048.badssl.com

+ + +
diff --git a/nginx-includes/tls-dh1024.conf b/nginx-includes/tls-dh1024.conf
new file mode 100644
index 00000000..67647f6a
--- /dev/null
+++ b/nginx-includes/tls-dh1024.conf
@@ -0,0 +1,7 @@
+ssl_dhparam /var/www/badssl/certs/dh1024.pem;
+
+ssl_session_timeout 5m;
+
+ssl_protocols TLSv1.1 TLSv1.2;
+ssl_ciphers 'DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
+ssl_prefer_server_ciphers on;
diff --git a/nginx-includes/tls-dh2048.conf b/nginx-includes/tls-dh2048.conf
new file mode 100644
index 00000000..4790d394
--- /dev/null
+++ b/nginx-includes/tls-dh2048.conf
@@ -0,0 +1,7 @@
+ssl_dhparam /var/www/badssl/certs/dh2048.pem;
+
+ssl_session_timeout 5m;
+
+ssl_protocols TLSv1.1 TLSv1.2;
+ssl_ciphers 'DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
+ssl_prefer_server_ciphers on;
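Review bot: The new tls-dh1024.conf and tls-dh2048.conf repeat identical `ssl_protocols`, `ssl_ciphers` and `ssl_prefer_server_ciphers` lines and differ only in `ssl_dhparam`, so the one variable each endpoint is meant to isolate (the DH group size) can drift silently if someone later edits just one copy. Consider moving the shared lines into a common include and leaving only `ssl_dhparam` in each of these two files. The cipher string is DHE-only, which appears deliberate because it forces every handshake through the configured group, but nothing in either file says so; a header comment such as `# DHE-only on purpose: every handshake must use the group in ssl_dhparam. Test fixture, not a production template.` would stop the 1024-bit variant from being copied elsewhere. The `DHE-DSS-*` entries can only be negotiated with a DSA server key, which the certificate include (not visible in this diff) presumably does not supply, so they could be dropped to keep the list readable.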