SSL ciphers, disable or not to disable RC4?

Pekka.Panula at Pekka.Panula at
Thu Jan 9 09:29:11 UTC 2014


My current values in my nginx configuration for ssl_protocols/ciphers what 
i use is this:

ssl_protocols      SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers          RC4:HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers   on;

What are todays recommendations for ssl_ciphers option for supporting all 
current OSes and browsers, even Windows XP users with IE?
Can i disable RC4?

My nginx is compiled with OpenSSL v1.0.1.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the nginx mailing list