SSL ciphers, disable or not to disable RC4?
Axel
ar at xlrs.de
Sun Jan 12 17:42:18 UTC 2014
I juggled around with ssl ciphers and tried to disable RC4, but still be
able to serve IE under WinXP.
Those ciphers are my choice - if anyone has 'better' ciphers or prefers
another order i am pleased to hear...
ssl_ciphers
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-
AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES256-SHA256:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-
CBC3-SHA:AES256-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!PSK:!RC4:!MD5:!LOW;
You can test your ciphers online at https://www.ssllabs.com
rgds
Am 9.1.2014 10:29, schrieb Pekka.Panula at sofor.fi:
> Hi
>
> My current values in my nginx configuration for ssl_protocols/ciphers
> what i use is this:
>
> ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
> ssl_ciphers RC4:HIGH:!aNULL:!MD5;
> ssl_prefer_server_ciphers on;
>
> What are todays recommendations for ssl_ciphers option for supporting
> all current OSes and browsers, even Windows XP users with IE?
> Can i disable RC4?
>
> My nginx is compiled with OpenSSL v1.0.1.
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
More information about the nginx
mailing list