SSL ciphers, disable or not to disable RC4?

Axel ar at xlrs.de
Mon Jan 13 08:59:54 UTC 2014


Am 12.1.2014 20:08, schrieb Darren Pilgrim:
> HIGH will add in only high-grade ciphers, so you don't need to add them
> manually or exclude export- and low-grade ciphers.  You can
> use @STRENGTH to sort the list for you instead of doing it by hand:
> 
> ssl_ciphers HIGH:!CAMELLIA:!RC4:!PSK:!aNULL:@STRENGTH;
> 
> XP schannel (IE, Outlook, et al) lacks AES support, IE6 only does 
> SSLv3.

thx for this info. i'll check the differences.

rgds



More information about the nginx mailing list