Hello. I want to suggest this patch for /etc/nginx/nginx.conf in OpenBSD 5.7.
The nginx config (although disabled by default) supports weak Diffie Hellman
cipher according to ssllabs.com test
(Grade B).
--- nginx.conf Tue Jul 21 12:18:44 2015
+++ nginx.conf Tue Jul 21 10:52:27 2015
@@ -114,7 +114,7 @@
# ssl_session_timeout 5m;
# ssl_session_cache shared:SSL:1m;
- # ssl_ciphers HIGH:!aNULL:!MD5:!RC4;
+ # ssl_ciphers HIGH:!aNULL:!MD5:!RC4:!DHE;
# ssl_prefer_server_ciphers on;
#}
