[PATCH] update default ssl_ciphers value

Maxim Dounin mdounin at mdounin.ru
Mon Aug 3 17:31:37 UTC 2015


On Mon, Aug 03, 2015 at 05:51:34PM +0100, Mike MacCana wrote:

> The current example value for ssl_ciphers in nginx (HIGH:!aNULL:!MD5) has a
> number of security issues, including:
>     - Weak DH key exchange / vulnerability to logjam attack

This is not really related to the cipher suite used, but rather to 
the DH paramters used.  We may consider removing default DH 
parameters from nginx code instead.

>     - Preferring AES-CBC instead of GCM, which causes an 'obsolete cipher
> suite' message in recent versions of Chrome

There is no preference enforced by nginx by default.

>     - 128 bit AES should be preferred over 192 and 256 bit AES considering
> attacks that specifically affect the larger key sizes but do not affect AES
> 128

As far as I undersand, this is about related-key attacks and 
doesn't really affect nginx operation.  The "no preference" above 
also applies.

Overral answer:

No, thanks.  And even if some of the over concens were valid, the 
answer would be the same.  The default is kept good enough to be 
generally usable, and it doesn't try to account for any recent 
cryptographic findings, nor it tries to enforce any chipher 
preferences on server.  This approach is believed to be better in 
a quickly changing world assuming the administrator is not 
tracking recent attacks and changes the configuration accordingly.

Maxim Dounin

More information about the nginx-devel mailing list