strong ssl ciphers - browsers

Lukas Tribus luky-37 at
Tue May 8 22:15:39 UTC 2012

Hi Hajo,



BEAST has nothing todo with weak ciphers. Because the workaround is to prefer RC4 over AES from the server side, you are not excluding any browsers (however, a short check with the oldest supported platform isn't a bad idea either).




I noticed the documentation about the default of the ssl_ciphers keyword isn't up-to-date: !ADH was replaced with !aNULL in 1.0.5 [2]. Can someone update the docs?






More information about the nginx mailing list