Use secure ciphers and TLS protocols where supported

nginx.conf

@@ -161,8 +161,27 @@ http {
 
         include /usr/local/openresty/nginx/conf/locations/*.conf ;
     }
-
-    include /usr/local/openresty/nginx/conf/nginx_sysdig_server.conf ;
+
+    server {
+      listen 10088;
+      // When choosing a cipher during an SSLv3 or TLSv1 handshake, normally the client's preference is used.
+      // If this directive is enabled, the server's preference will be used instead
+      ssl_prefer_server_ciphers on;
+      // enable the shared session cache to help reduce the processor load
+      ssl_session_cache shared:SSL:10m;
+      ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+      // The recommended cipher suite for backwards compatibility with Firefox 1, Chrome 1, IE 7, Opera 5 and Safari 1:
+      ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS";
+      location /nginx_status {
+        stub_status on;
+        access_log   off;
+        allow 127.0.0.1;
+        deny all;
+      }
+   }
+
+   include /usr/local/openresty/nginx/conf/nginx_sysdig_server.conf ;
 }
+
 events {
 }