[PATCH] Proxy: added the "proxy_ssl_ciphers" directive.

Maxim Dounin mdounin at mdounin.ru
Tue Sep 24 13:37:56 UTC 2013


Hello!

On Mon, Sep 23, 2013 at 03:55:36PM -0700, Piotr Sikora wrote:

> Hi Maxim,
> 
> >> Proxy: added the "proxy_ssl_ciphers" directive.
> >
> > Already asked in another thread if it really worth adding.
> 
> Yes, it is, and in my experience this one is much more useful than
> "proxy_ssl_protocols".
> 
> Basically, there are 2 categories of broken SSL servers:
> 1. cannot accept ClientHello that's > 255 bytes,
> 2. cannot downgrade gracefully to a common supported TLS version.

Fair enough, thanks for the detailed answer.

[...]

> > This modifies current behaviour, and only allows using
> > HIGH:!aNULL:!MD5 ciphers by default.  Are there any specific
> > reasons to?
> >
> > The "!aNULL" looks especially weird, as we don't check peers'
> > certificates anyway.
> 
> Good catch! Because of the issues above, we specify our own (rather
> limited) list of cipher suites that we advertise to the backend
> servers during SSL handshake, so I didn't notice that the defaults I
> provided are much stricter than necessary.
> 
> In that case, I'd probably stick with "DEFAULT" (updated patch will
> follow)... Just keep in mind that nginx compiled against OpenSSL-1.0.1
> will be sending ClientHello that's 316 bytes in size and will have
> issue with broken SSL servers... Whether or not that's something that
> nginx should worry about it's another matter, but just to give you
> some perspective, last time I checked it was ~0.15% of servers that
> didn't like big ClientHello messages.

Given the fact that even with "HIGH:!aNULL:!MD5" nginx with recent 
OpenSSL results in 300+ byte client hello messages, 
preserving "DEFAULT" is probably good enough.  We may consider 
adding relevant hints to the documentation if there are many 
problem reports.

-- 
Maxim Dounin
http://nginx.org/en/donation.html
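To see why a long cipher list pushes the ClientHello past the 255-byte mark discussed in the thread, here is an added Python example (not part of the patch or of nginx) that encodes a ClientHello record and counts its bytes. The suite lists and the hostname are constructed sample values, and the "wide" list is a stand-in for a long DEFAULT list, not a list of real suites.

```python
import os
import struct

def tls_extension(ext_type, data):
    """Encode one TLS extension: 2-byte type, 2-byte length, payload."""
    return struct.pack("!HH", ext_type, len(data)) + data

def sni_extension(hostname):
    """server_name extension (type 0) carrying a single host_name entry."""
    name = hostname.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name  # name_type 0 = host_name
    return tls_extension(0, struct.pack("!H", len(entry)) + entry)

def build_client_hello(cipher_suites, extensions=b"", version=(3, 1)):
    """Build a complete ClientHello record (TLS 1.0 by default, version=(3, 1)).
    cipher_suites: 16-bit suite codes in preference order.
    extensions: pre-encoded extension bytes; empty means no extensions block."""
    body = struct.pack("!BB", *version) + os.urandom(32) + b"\x00"  # version, random, empty session_id
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body += struct.pack("!H", len(suites)) + suites
    body += b"\x01\x00"  # one compression method: null
    if extensions:
        body += struct.pack("!H", len(extensions)) + extensions
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # HandshakeType client_hello = 1
    return b"\x16" + struct.pack("!BBH", *version, len(handshake)) + handshake  # ContentType handshake

def client_hello_size(cipher_suites, extensions=b""):
    """Total bytes on the wire for the ClientHello record."""
    return len(build_client_hello(cipher_suites, extensions))

def suite_budget(extensions=b"", limit=255):
    """Largest number of suites that keeps the record at or under `limit` bytes.
    48 bytes is everything in the record except the suite list and extensions."""
    fixed = 48 + (2 + len(extensions) if extensions else 0)
    return max(0, (limit - fixed) // 2)

# Constructed sample lists: six real IANA codes (AES CBC/GCM with RSA and ECDHE)
# versus 100 consecutive codes standing in for a long default list.
NARROW = [0x002F, 0x0035, 0xC013, 0xC014, 0xC02F, 0xC030]
WIDE = list(range(0xC000, 0xC064))
SNI = sni_extension("backend.example")  # constructed hostname

if __name__ == "__main__":
    print("narrow list:", client_hello_size(NARROW, SNI), "bytes")  # 86
    print("wide list:  ", client_hello_size(WIDE, SNI), "bytes")    # 274
    print("suites that fit under 256 bytes with SNI:", suite_budget(SNI))
```

Every additional suite costs two bytes, so with an SNI extension present only 90 suites fit under the 256-byte mark; a narrow proxy_ssl_ciphers list is what keeps the record small, not the protocol version.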
