SSL Ciphers
Дилян Палаузов
dilyan.palauzov at aegee.org
Thu Mar 19 12:29:04 UTC 2015
Hello,
I have nginx linked openssl 1.0.2 and nginx and configured with
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384
EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH CAMELLIA
SHA256 SHA384 !aNULL !eNULL !LOW -3DES !MD5 !EXP !PSK -SRP !DSS !RC4 !EDH";
Nginx supports these ciphers:
ECDHE-RSA-AES256-GCM-SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
ECDHE-RSA-AES256-SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
ECDHE-RSA-AES256-SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
ECDHE-RSA-AES128-GCM-SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
ECDHE-RSA-AES128-SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
ECDHE-RSA-AES128-SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
but openssl cipher -V 'the above list' prints in addition
AES128-SHA256
AES256-SHA256
CAMELLIA128-SHA
CAMELLIA256-SHA
DH-DSS-AES128-SHA256
DH-DSS-AES256-SHA256
DH-DSS-CAMELLIA128-SHA
DH-DSS-CAMELLIA256-SHA
DH-RSA-AES128-SHA256
DH-RSA-AES256-SHA256
DH-RSA-CAMELLIA128-SHA
DH-RSA-CAMELLIA256-SHA
ECDH-ECDSA-AES128-SHA256
ECDH-ECDSA-AES256-SHA384
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES128-SHA
ECDHE-ECDSA-AES128-SHA256
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-SHA
ECDHE-ECDSA-AES256-SHA384
ECDH-RSA-AES128-SHA256
ECDH-RSA-AES256-SHA384
Can you tell me, why doesn't nginx support all ciphers printed by
openssl cipher using the same cipher-string?
I use ngonx 1.6.2 .
Thanks in advance for your answer
Dilyan
More information about the nginx
mailing list