Forum List Message List New Topic Print View

Jessica Litwin

October 16, 2014 05:04PM

I can do this, but I guess my whole question was does this mean exclusion
bits are broken?
I'm personally partial to just outright declaring my supported ciphers
rather than using the exclusion bits. My personal server is aggressively
strict, the setup for our production gear is much less so. Either way it
allows me to know exactly what's available to clients.

For lunatics with DSA keys and LibreSSL:

ssl_ciphers
ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256;

For more rational people with RSA keys and OpenSSL:

ssl_ciphers
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DES-CBC3-SHA;

*__________________Scott LarsonSystems AdministratorWiredrive/LA310 823
8238 ext. 1106310 943 2078 faxwww.wiredrive.com
http://www.wiredrive.com/www.twitter.com/wiredrive
http://www.twitter.com/wiredrivewww.facebook.com/wiredrive
http://www.wiredrive.com/facebook*

On Thu, Oct 16, 2014 at 1:28 PM, Jessica Litwin <jessica@litw.in> wrote:

> I'm sure. I'm very, very sure the correct site is being tested.
>
> On Thu, Oct 16, 2014 at 4:23 PM, mex <nginx-forum@nginx.us> wrote:
>
>> hi,
>>
>> > >
>> > > - make sure you are testing correct server.
>> > >
>>
>>
>> i'd suggest to configure an additional access/error-log
>> in that server {} - block, to be 100% sure.
>>
>>
>> regards,
>>
>>
>> mex
>>
>> Posted at Nginx Forum:
>> http://forum.nginx.org/read.php?2,254028,254077#msg-254077
>>
>> _______________________________________________
>> nginx mailing list
>> nginx@nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>>
>
>
>
> --
> Jessica K. Litwin
> jessicalitwin.com
> twitter: press5
> aim: press5key
> skype: dr_jkl
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Reply Quote

RSS

Subject	Author	Posted
issue with ssl_ciphers not being respected	Jessica Litwin	October 16, 2014 03:42AM
Re: issue with ssl_ciphers not being respected	itpp2012	October 16, 2014 04:52AM
Re: issue with ssl_ciphers not being respected	Maxim Dounin	October 16, 2014 09:12AM
Re: issue with ssl_ciphers not being respected	Jessica Litwin	October 16, 2014 01:32PM
Re: issue with ssl_ciphers not being respected	mex	October 16, 2014 04:23PM
Re: issue with ssl_ciphers not being respected	Jessica Litwin	October 16, 2014 04:30PM
Re: issue with ssl_ciphers not being respected	Scott Larson	October 16, 2014 04:56PM
Re: issue with ssl_ciphers not being respected	Jessica Litwin	October 16, 2014 05:04PM
Re: issue with ssl_ciphers not being respected	Scott Larson	October 16, 2014 07:38PM
Re: issue with ssl_ciphers not being respected	itpp2012	October 17, 2014 06:14AM
Re: issue with ssl_ciphers not being respected	Jessica Litwin	October 17, 2014 07:30PM
Re: issue with ssl_ciphers not being respected	Scott Larson	October 17, 2014 07:42PM
Re: issue with ssl_ciphers not being respected	Jessica Litwin	October 17, 2014 07:56PM
Re: issue with ssl_ciphers not being respected	Jessica Litwin	October 17, 2014 08:18PM
Re: issue with ssl_ciphers not being respected	mex	October 18, 2014 05:59AM
Re: issue with ssl_ciphers not being respected	mex	October 16, 2014 05:02PM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 182

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018