Welcome! Log In Create A New Profile

Re: SSL ciphers, disable or not to disable RC4?

Forum List Message List New Topic Print View

Darren Pilgrim

January 12, 2014 02:10PM

On 1/12/2014 9:42 AM, Axel wrote:
> I juggled around with ssl ciphers and tried to disable RC4, but still be
> able to serve IE under WinXP.
>
> Those ciphers are my choice - if anyone has 'better' ciphers or prefers
> another order i am pleased to hear...
>
> ssl_ciphers
> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-
> AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES256-SHA256:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-
>
> CBC3-SHA:AES256-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!PSK:!RC4:!MD5:!LOW;

HIGH will add in only high-grade ciphers, so you don't need to add them
manually or exclude export- and low-grade ciphers. You can
use @STRENGTH to sort the list for you instead of doing it by hand:

ssl_ciphers HIGH:!CAMELLIA:!RC4:!PSK:!aNULL:@STRENGTH;

XP schannel (IE, Outlook, et al) lacks AES support, IE6 only does SSLv3.

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Reply Quote

RSS

Subject	Author	Posted
SSL ciphers, disable or not to disable RC4?	Anonymous User	January 09, 2014 04:30AM
Re: SSL ciphers, disable or not to disable RC4?	nano	January 09, 2014 04:44AM
Re: SSL ciphers, disable or not to disable RC4?	Jeffrey Walton	January 09, 2014 04:54AM
RE: SSL ciphers, disable or not to disable RC4?	Lukas Tribus	January 09, 2014 04:54AM
Re: SSL ciphers, disable or not to disable RC4?	Jeffrey Walton	January 09, 2014 05:06AM
PHP below server root not served	nano	January 09, 2014 05:26AM
Re: PHP below server root not served	Richard Stanway	January 09, 2014 05:30AM
Re: PHP below server root not served	nano	January 09, 2014 05:34AM
Re: PHP below server root not served	Francis Daly	January 09, 2014 05:56AM
Re: PHP below server root not served	nano	January 09, 2014 06:46AM
Re: PHP below server root not served	nano	January 09, 2014 07:42AM
Re: PHP below server root not served	B.R.	January 09, 2014 08:00AM
Re: PHP below server root not served	nano	January 09, 2014 08:52AM
Re: PHP below server root not served	Francis Daly	January 09, 2014 04:00PM
Re: PHP below server root not served	nano	January 09, 2014 10:08PM
Re: PHP below server root not served	Francis Daly	January 10, 2014 04:38AM
Re: PHP below server root not served	nano	January 10, 2014 06:40AM
Re: PHP below server root not served	Francis Daly	January 10, 2014 10:36AM
Re: PHP below server root not served	nano	January 12, 2014 05:28AM
Re: PHP below server root not served	Francis Daly	January 14, 2014 05:14PM
Re: PHP below server root not served	Valentin V. Bartenev	January 15, 2014 02:20PM
Re: PHP below server root not served	nano	January 10, 2014 04:38AM
Re: PHP below server root not served	nano	January 09, 2014 09:44AM
Re: PHP below server root not served	Jim Ohlstein	January 09, 2014 12:14PM
Re: PHP below server root not served	nano	January 09, 2014 12:30PM
Re: SSL ciphers, disable or not to disable RC4?	Axel	January 12, 2014 12:44PM
Re: SSL ciphers, disable or not to disable RC4?	Darren Pilgrim	January 12, 2014 02:10PM
Re: SSL ciphers, disable or not to disable RC4?	Axel	January 13, 2014 04:02AM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 318

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018