nginx and ssl ciphers

Scott Larson stl at wiredrive.com
Wed Mar 18 22:45:00 UTC 2015


     Running SSL correctly goes deeper than just declaring ciphers, and at
the least I'd recommend using the more modern versions with ECDHE unless
there is a technical reason you cannot. That said:

     ssl_prefer_server_ciphers on;

 ssl_ciphers AES256-SHA256:AES256-SHA:AES128-SHA256:AES128-SHA:RC4-SHA:RC4-MD5:DES-CBC3-SHA;


*[image: userimage]Scott Larson[image: los angeles]
<https://www.google.com/maps/place/4216+Glencoe+Ave,+Marina+Del+Rey,+CA+90292/@33.9892151,-118.4421334,17z/data=!3m1!4b1!4m2!3m1!1s0x80c2ba88ffae914d:0x14e1d00084d4d09c>Lead
Systems Administrator[image: wdlogo] <https://www.wiredrive.com/> [image:
linkedin] <https://www.linkedin.com/company/wiredrive> [image: facebook]
<https://www.twitter.com/wiredrive> [image: twitter]
<https://www.facebook.com/wiredrive> [image: instagram]
<https://www.instagram.com/wiredrive>T 310 823 8238 x1106
<310%20823%208238%20x1106>  |  M 310 904 8818 <310%20904%208818>*

On Wed, Mar 18, 2015 at 2:55 PM, ManuelRighi <nginx-forum at nginx.us> wrote:

> Hello,
> I need to configure my nginx web server with only specific ssl ciphers.
> I need to use only this ciphers:
>
> TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
> TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
> TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
> TLS_RSA_WITH_RC4_128_MD5 (0x0004)
> TLS_RSA_WITH_RC4_128_SHA (0x0005)
> TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
> TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
>
>
> Someone can help me on how I do ?
>
> Tnx
> Manuel
>
> Posted at Nginx Forum:
> http://forum.nginx.org/read.php?2,257416,257416#msg-257416
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20150318/0c39900f/attachment.html>


More information about the nginx mailing list