SSL Cipher suites settings in Nginx webserver
Thomas Ward
teward at thomas-ward.net
Mon May 3 16:51:51 UTC 2021
The Mozilla configuration tool for ciphers is generally the best source
for cipher information, they update it regularly as things change in
terms of "best ciphers to utilize" and security issues crop up.
All of those ciphers, in my opinion, are fine. The discussion of
whether these ciphers are free from vulnerabilities however is not an
NGINX issue, and an OpenSSL / SSL Spec discussion that extends far
beyond NGINX.
Thomas
On 5/3/21 12:47 PM, Kaushal Shriyan wrote:
> Hi,
>
> I am using Lets Encrypt SSL Certificates for Nginx 1.20.00 webserver
> running on CentOS Linux release 7.9.2009 (Core). I will appreciate it
> if someone can guide me to set the cipher suites in the Nginx
> Webserver config. I am referring to https://ssl-config.mozilla.org/
> <https://ssl-config.mozilla.org/>. Is there a way to verify if the
> below cipher suites set are accurate and are free from any
> vulnerabilities?
>
> $openssl version
> OpenSSL 1.0.2k-fips 26 Jan 2017
> $cat /etc/redhat-release
> CentOS Linux release 7.9.2009 (Core)
> $nginx -v
> nginx version: nginx/1.20.0
>
> ssl_ciphers
> ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
>
> Please guide and I look forward to hearing from you. Thanks in Advance.
>
> Best Regards,
>
> Kaushal
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20210503/2355e471/attachment.htm>
More information about the nginx
mailing list