SSL ciphers, disable or not to disable RC4?

Darren Pilgrim list_nginx at
Sun Jan 12 19:08:58 UTC 2014

On 1/12/2014 9:42 AM, Axel wrote:
> I juggled around with ssl ciphers and tried to disable RC4, but still be
> able to serve IE under WinXP.
> Those ciphers are my choice - if anyone has 'better' ciphers or prefers
> another order i am pleased to hear...
> ssl_ciphers

HIGH will add in only high-grade ciphers, so you don't need to add them
manually or exclude export- and low-grade ciphers.  You can
use @STRENGTH to sort the list for you instead of doing it by hand:


XP schannel (IE, Outlook, et al) lacks AES support, IE6 only does SSLv3.

More information about the nginx mailing list