SSL Cipher suites settings in Nginx webserver

Thomas Ward teward at thomas-ward.net
Mon May 3 16:51:51 UTC 2021


The Mozilla configuration tool for ciphers is generally the best source 
for cipher information, they update it regularly as things change in 
terms of "best ciphers to utilize" and security issues crop up.

All of those ciphers, in my opinion, are fine.  The discussion of 
whether these ciphers are free from vulnerabilities however is not an 
NGINX issue, and an OpenSSL / SSL Spec discussion that extends far 
beyond NGINX.


Thomas


On 5/3/21 12:47 PM, Kaushal Shriyan wrote:
> Hi,
>
> I am using Lets Encrypt SSL Certificates for Nginx 1.20.00 webserver 
> running on CentOS Linux release 7.9.2009 (Core). I will appreciate it 
> if someone can guide me to set the cipher suites in the Nginx 
> Webserver config. I am referring to https://ssl-config.mozilla.org/ 
> <https://ssl-config.mozilla.org/>. Is there a way to verify if the 
> below cipher suites set are accurate and are free from any 
> vulnerabilities?
>
> $openssl version
> OpenSSL 1.0.2k-fips  26 Jan 2017
> $cat /etc/redhat-release
> CentOS Linux release 7.9.2009 (Core)
> $nginx -v
> nginx version: nginx/1.20.0
>
> ssl_ciphers 
> ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
>
> Please guide and I look forward to hearing from you. Thanks in Advance.
>
> Best Regards,
>
> Kaushal
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20210503/2355e471/attachment.htm>


More information about the nginx mailing list