SSL ciphers, disable or not to disable RC4?

Axel ar at xlrs.de
Sun Jan 12 17:42:18 UTC 2014


I juggled around with ssl ciphers and tried to disable RC4, but still be 
able to serve IE under WinXP.

Those ciphers are my choice - if anyone has 'better' ciphers or prefers 
another order i am pleased to hear...

ssl_ciphers 
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA- 
AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES256-SHA256:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES- 
   
CBC3-SHA:AES256-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!PSK:!RC4:!MD5:!LOW;

You can test your ciphers online at https://www.ssllabs.com

rgds


Am 9.1.2014 10:29, schrieb Pekka.Panula at sofor.fi:
> Hi
> 
> My current values in my nginx configuration for ssl_protocols/ciphers
> what i use is this:
> 
> ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
> ssl_ciphers RC4:HIGH:!aNULL:!MD5;
> ssl_prefer_server_ciphers on;
> 
> What are todays recommendations for ssl_ciphers option for supporting
> all current OSes and browsers, even Windows XP users with IE?
> Can i disable RC4?
> 
> My nginx is compiled with OpenSSL v1.0.1.
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx



More information about the nginx mailing list