issue with ssl_ciphers not being respected

Jessica Litwin jessica at
Fri Oct 17 23:28:50 UTC 2014

Using openssl101j, I get the same results with the following in both my
vhost config and nginx.conf:

    ssl_protocols TLSv1.2 TLSv1.1;
    ssl_prefer_server_ciphers on;

RC4 cipher is used with TLS 1.1 or newer protocols, even though stronger
ciphers are available.

What the hell am I doing wrong?

On Fri, Oct 17, 2014 at 6:14 AM, itpp2012 <nginx-forum at> wrote:

> Scott Larson Wrote:
> -------------------------------------------------------
> > Something else must be going on here. Looking at your ssl_cipher
> > string, you're opening with a rough declaration of specific ciphers
> > you'll support, none of which should pull in RC4. It's specific enough
> > in fact that your subsequent excluded ciphers don't even come into
> > play. To test this I switched in my old RSA cert, rebuilt 1.7.6
> > against OpenSSL 1.0.1j,
>
> Which is why I said try 101j, between 101e and j there are big differences
> when it comes to invalid fallbacks.
> Not even mentioning using 101e is asking to be hacked.

Jessica K. Litwin
twitter: press5
aim: press5key
skype: dr_jkl
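
Added example, not part of the original thread and not nginx code: a static check that resolves which ssl_ciphers value each server block ends up with (its own, or the one inherited from the http level, matching the "vhost config and nginx.conf" split above) and classifies what that string says about RC4. The configuration, hostnames and cipher strings are constructed for illustration; an "indeterminate" result means the string relies on aliases whose expansion depends on the OpenSSL build and has to be checked with `openssl ciphers -v`.

```python
import re

# Constructed nginx configuration for illustration (not from the thread).
SAMPLE_CONF = """
http {
    ssl_protocols TLSv1.2 TLSv1.1;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:!aNULL:!MD5:!RC4";
    server { server_name a.example; }
    server { server_name b.example; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:RC4-SHA; }
    server { server_name c.example; ssl_ciphers HIGH:!aNULL; }
}
"""

def effective_ssl_ciphers(conf):
    """Map each server_name to the ssl_ciphers value that applies to it."""
    tokens = re.findall(r'"[^"]*"|\'[^\']*\'|[{};]|[^\s{};]+', re.sub(r'#.*', '', conf))
    stack, stmt, servers = [], [], []
    for tok in tokens:
        if tok == '{':
            stack.append({'block': stmt[0] if stmt else '', 'ssl_ciphers': None, 'server_name': None})
        elif tok == ';':
            if stack and len(stmt) > 1 and stmt[0] in ('ssl_ciphers', 'server_name'):
                stack[-1][stmt[0]] = stmt[1].strip('"\'')
        elif tok == '}':
            ctx = stack.pop()
            if ctx['block'] == 'server':
                servers.append((ctx, stack[-1] if stack else {}))
        else:
            stmt.append(tok)
            continue
        stmt = []  # a brace or semicolon ends the current statement
    # Resolve after parsing so an http-level directive placed after a server block still inherits.
    return {s['server_name'] or '(unnamed)': s['ssl_ciphers'] or parent.get('ssl_ciphers')
            for s, parent in servers}

def rc4_status(cipher_string):
    """Classify a cipher string by what its tokens say about RC4 (no OpenSSL needed)."""
    if cipher_string is None:
        return 'unset'          # no directive found: the nginx build's default list applies
    toks = [t.upper() for t in re.split(r'[:, ]+', cipher_string) if t]
    if '!RC4' in toks:
        return 'excluded'       # '!' deletes permanently; no other token can re-add RC4
    if any(t[0] not in '!-+' and 'RC4' in re.split(r'[+-]', t) for t in toks):
        return 'named'          # RC4 is requested explicitly
    return 'indeterminate'      # aliases may or may not expand to RC4; check `openssl ciphers -v`

def audit(conf):
    return {name: rc4_status(cs) for name, cs in effective_ssl_ciphers(conf).items()}

if __name__ == '__main__':
    for name, status in audit(SAMPLE_CONF).items():
        print(f'{name}: {status}')
```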