The Mozilla configuration tool for ciphers is generally the best source
for cipher information; they update it regularly as things change in
terms of "best ciphers to utilize" and security issues crop up.

All of those ciphers, in my opinion, are fine. The discussion of
whether these ciphers are free from vulnerabilities, however, is not an
NGINX issue, but an OpenSSL / SSL spec discussion that extends far
beyond NGINX.

Thomas

On 5/3/21 12:47 PM, Kaushal Shriyan wrote:
Hi,
I am using Let's Encrypt SSL Certificates for Nginx 1.20.00 webserver
running on CentOS Linux release 7.9.2009 (Core). I will appreciate it
if someone can guide me to set the cipher suites in the Nginx
Webserver config. I am referring to https://ssl-config.mozilla.org/.
Is there a way to verify if the below cipher suites set are accurate
and are free from any vulnerabilities?
$openssl version
OpenSSL 1.0.2k-fips 26 Jan 2017
$cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
$nginx -v
nginx version: nginx/1.20.0
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
Please guide and I look forward to hearing from you. Thanks in Advance.
Best Regards,
Kaushal
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
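
One way to check which entries of the posted ssl_ciphers list the OpenSSL build on a server can actually offer, as an added example that is not part of the original messages. The helper name check_ciphers and the DEMO_SUPPORTED sample are assumptions made for illustration; `openssl ciphers ALL` is the standard OpenSSL command for listing known suites.

```shell
#!/bin/sh
# check_ciphers LIST [SUPPORTED]   (hypothetical helper, not from the thread)
# LIST:      colon-separated value of an nginx ssl_ciphers directive.
# SUPPORTED: colon-separated suite names to check against; defaults to
#            everything the local OpenSSL build knows ("openssl ciphers ALL").
# Prints one line per suite and returns 1 if any suite is not available.
# Only plain suite names are handled, not operators such as "!aNULL".
check_ciphers() {
    list=${1%;}                      # drop nginx's trailing ";" if present
    supported=${2-$(openssl ciphers ALL)}
    rc=0
    old_ifs=$IFS
    IFS=:
    for name in $list; do
        case ":$supported:" in
            *":$name:"*) echo "ok      $name" ;;
            *)           echo "MISSING $name"; rc=1 ;;
        esac
    done
    IFS=$old_ifs
    return "$rc"
}

# The list posted in the question.
PAGE_LIST='ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;'

# Constructed sample: stands in for a library build without the
# ChaCha20-Poly1305 suites, so the demo runs without openssl installed.
DEMO_SUPPORTED='ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384'

check_ciphers "$PAGE_LIST" "$DEMO_SUPPORTED" || echo "some suites are not available in this build"
# On the server itself, check against the installed library instead:
#   check_ciphers "$PAGE_LIST"
```

`nginx -V` prints the OpenSSL version nginx was built with, which is the build whose `openssl ciphers` output matters for this check.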