SSL ciphers preference

B.R. reallfqq-nginx at yahoo.fr
Mon Sep 1 14:56:00 UTC 2014


Hello,

I filed a (now closed, because erroneous) enhancement ticket:
http://trac.nginx.org/nginx/ticket/619

As it appears, the change I noticed in the SSL test did not result from my
malformed ciphers list.
Right about that.

However, what is intriguing is the answer Maxim gave me on the second part
of my proposal: the default activation of ssl_prefer_server_ciphers
<http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_prefer_server_ciphers>.

He said that this option put to on made sense with a custom list but not
with the default one.

I confirm that the results of my tests changed. It was not because of the
ciphers list, but it was due to that other change.
Thus, the ciphers used by the emulated clients of the test changed
following the activation of that option, allowing me to pass the 'Forward
Secrecy' part of the test, resulting in an upgrade of my score from A- to A.

I just checked it again, removing my buggy ciphers list and (de)activating
the 'prefer' option.

If using that option with the default ciphers list was useless, why did
that change have an impact on the results of my test?
---
*B. R.*