SSL ciphers preference

Maxim Dounin mdounin at mdounin.ru
Mon Sep 1 18:07:29 UTC 2014 

Hello!

On Mon, Sep 01, 2014 at 04:56:00PM +0200, B.R. wrote:

> Hello,
> 
> I filled a (now closed, because erroneous) enhancement ticket:
> http://trac.nginx.org/nginx/ticket/619
> 
> As it appears, the change I noticed in the SSl test did not result from my
> malformed ciphers list.
> Right about that.
> 
> However, what is intriguing is the answer Maxim gave me on the second part
> of my proposal: the default activation of ssl_prefer_server_ciphers
> <http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_prefer_server_ciphers>
> .
> 
> He saif that this option put to on made sense with a custome list but not
> with the default one.
> 
> I confirm that the results of my tests changed. It was no because of the
> ciphers list, but it was due to that other change.
> Thus, the ciphers used by the emulated clients of the test changed
> following the activation of that option, allowing me to pass the 'Forward
> Secrecy' part of the test, resulting in an upgrade of my score from A- to A.
> 
> I jsut checked it again, removing my buggy ciphers list and (de)activating
> de rprefer' option.
> 
> If using that option with the default ciphers list was useless, what had
> that change an impact on the results of my test?

Switching on or off ssl_prefer_server_ciphers obviously may change 
score as reported by SSL Labs, since it can (and likely will) 
change ciphers negotiated in some cases.  But it's usually not 
a good idea to switch it on unless you understand the results and 
have a good reason to do so.

By default, OpenSSL sorts ciphers per symmetric encryption 
strength, and prefers ciphers with forward secrecy if strength is 
identical.  As a result you may get better forward secrecy support 
if you'll switch on ssl_prefer_server_ciphers - or not, depending 
on actual ciphers supported by clients.  E.g., AES256-SHA will be 
preferred over ECDHE-RSA-AES128-SHA, which is probably not what 
you want.

Another example: DHE-RSA-AES256-SHA256 will be preferred over 
ECDHE-RSA-AES128-SHA256.  On the other hand, you probably 
don't want DHE to be used at all for performance reasons.

-- 
Maxim Dounin
http://nginx.org/

More information about the nginx mailing list