nginx and TLS v1.2
Given that SSL and TLS, especially v1.0, suffer from serious security issues (e.g. https://en.wikipedia.org/wiki/Transport_Layer_Security#TLS) I thought it would be a good idea to use the latest and more secure version of it: v1.2.
On CentOS 6.4 the included openssl version is quite old and doesn't support TLS v1.1 or v1.2.
So, first of all, we have to install the latest version, 1.0.1e. This can be done by compiling from source or by adding a third-party repository; I chose the latter.
rpm -ivh --nosignature http://rpm.axivo.com/redhat/axivo-release-6-1.noarch.rpm
yum --enablerepo=axivo update openssl
To create the certificate I personally prefer to use GnuTLS instead of openssl, so:
yum install gnutls-utils
certtool --generate-privkey --bits 4096 --outfile hostname.key
certtool --generate-self-signed --load-privkey hostname.key --outfile hostname.crt
Edit nginx.conf or the desired virtual host file to include the two previously created files (.key and .crt) and then restart nginx.
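The step above, as an added example that is not part of the original post: a minimal server block that loads the two files and restricts the listener to TLS v1.2. The /etc/nginx/ssl/ directory and the server_name value are assumptions; the TLSv1.2 parameter needs an nginx linked against OpenSSL 1.0.1 or later.

```nginx
server {
    listen 443 ssl;
    server_name hostname;    # placeholder, same as in the certtool commands

    # Assumed location for the files created above; the private key
    # should be readable by root only.
    ssl_certificate     /etc/nginx/ssl/hostname.crt;
    ssl_certificate_key /etc/nginx/ssl/hostname.key;

    # Offer TLS v1.2 only. Without this directive nginx uses its built-in
    # default protocol list, which on older nginx releases also enables
    # earlier protocol versions.
    ssl_protocols TLSv1.2;
}
```

Running nginx -t validates the configuration before the restart.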
The following command can be used to check the certificate the server presents, the negotiated protocol version and cipher, and so on.
openssl s_client -host hostname -port 443