Is there an original source linking Qualys report codes to codes in nginx configuration?

B.R. reallfqq-nginx at yahoo.fr
Tue Jun 28 08:57:10 UTC 2016


nginx deals with an underlying library to manage TLS-ciphered content. The
webserver merely sends configuration data to it on startup/reload and uses
this library to do the actual (en/de)ciphering job.

The one officially supported is OpenSSL, for which cipher strings and
cipher suites are listed in its 'ciphers' module manual (man ciphers - best
- or https://www.openssl.org/docs/manmaster/apps/ciphers.html - worst).
You should use then to feed the ssl_ciphers
<http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ciphers>
directive. What is accepted ultimately depends on the version of OpenSSL
(or any other TLS library) your version of nginx is linked with.
---
*B. R.*

On Tue, Jun 28, 2016 at 5:22 AM, vfclists . <vfclists at gmail.com> wrote:

>
> <http://security.stackexchange.com/questions/128513/is-there-an-original-informaton-source-linking-output-of-qualys-ssl-report-to-se#>
>
> The online tool at Qualys for testing webserver SSL configurations,
> https://www.ssllabs.com/ssltest/index.html, produces a list of codes like
> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
> etc.
>
> There are a lot of howtos on the net, but none of them show how to relate
> the actual string codes to those in the webservers. It is easy enough to
> use them but there is no knowning how they arrive at those settings in
> particular.
>
> Is there some kind of table relating the Qualys codes with the actual
> codes used in nginx configurations?
>
>
> --
> Frank Church
>
> =======================
> http://devblog.brahmancreations.com
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20160628/87aac554/attachment.html>


More information about the nginx mailing list