"nginx does not suck at ssl"

Grant emailgrant at gmail.com
Mon Mar 11 19:45:10 UTC 2013

>> After reading "nginx does not suck at ssl":
>> http://matt.io/entry/ur
>> I'm using:
>> ssl_ciphers
> Some of us use the following to mitigate BEAST attacks:
> ssl_ciphers ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!aNULL:!MD5:!EDH;

Thanks Mark, this is supposed to mitigate BEAST as well and it's only
slightly different than the default:

ssl_ciphers RC4:HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;

Here is mex's link again:

I use the following for better performance:

ssl_ciphers RC4:HIGH:!aNULL:!MD5:!kEDH;


- Grant

More information about the nginx mailing list