Getting forward secrecy enabled

mex nginx-forum at nginx.us
Wed Oct 2 04:52:49 UTC 2013


Hi justin, 

> even though I am using all the recommend settings.

which recommended settings? recommended by whom?

i learned that, from ssllabs-view, only the cipher-suites recommended by
ivan ristic seem to work:
http://www.mare-system.de/guide-to-nginx-ssl-spdy-hsts/#perfect-forward-secrecy
all other cipher-suites i found "somewhere" that should enable PFS dont seem
to work,
at least for sslabs.

problem is: there is no other way (that i know of) than ssllabs to check
your server-settings
and check PFS.

but PFS also depends on your openssl-version.


regards, 

mex

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,243341,243343#msg-243343



More information about the nginx mailing list