SSL ciphers, disable or not to disable RC4?

Jeffrey Walton noloader at gmail.com
Thu Jan 9 09:52:35 UTC 2014


On Thu, Jan 9, 2014 at 4:29 AM,  <Pekka.Panula at sofor.fi> wrote:
> Hi
>
> My current values in my nginx configuration for ssl_protocols/ciphers what i
> use is this:
>
> ssl_protocols      SSLv3 TLSv1 TLSv1.1 TLSv1.2;
> ssl_ciphers          RC4:HIGH:!aNULL:!MD5;
> ssl_prefer_server_ciphers   on;
>
> What are todays recommendations for ssl_ciphers option for supporting all
> current OSes and browsers, even Windows XP users with IE?
> Can i disable RC4?
>
The paper of interest is from AlFardan, Bernstein, et al: "On the
Security of RC4 in TLS and WPA"
(http://cr.yp.to/streamciphers/rc4biases-20130708.pdf‎). From the
paper:

    ... While the RC4 algorithm is known to have a
    variety of cryptographic weaknesses (see [26]
    for an excellent survey), it has not been previously
    explored how these weaknesses can be exploited
    in the context of TLS. Here we show that new and
    recently discovered biases in the RC4 keystream
    do create serious vulnerabilities in TLS when using
    RC4 as its encryption algorithm.

I don't believe there's a need for SSLv3 anymore either. TLSv1.0 is
pretty much ubiquitous, and its at nearly 100% for modern browser,
clients and servers.
https://en.wikipedia.org/wiki/Transport_Layer_Security#Applications_and_adoption.

You also migth want to include "!eNULL:!ADH:!ECADH:!MEDIUM:!LOW:!EXP'.
eNULL is great for performance, but it has a few problems for privacy.



More information about the nginx mailing list