http/2 needs "weaker" ciphers?

p.heppler nginx-forum at
Mon Oct 19 14:23:40 UTC 2015

The blacklist note says:
This list includes those cipher suites that do not offer an ephemeral key
exchange and those that are based on the TLS null, stream, or block cipher
type (as defined in Section 6.2.3 of [TLS12]).

But AES256+EECDH:AES256+EDH doesn't match this blacklist because those are
all ephemeral key exchange ciphers, aren't they?

Posted at Nginx Forum:,262084,262323#msg-262323

More information about the nginx mailing list