Welcome! Log In Create A New Profile

Advanced

Re: issue with ssl_ciphers not being respected

Jessica Litwin
October 17, 2014 07:30PM
using openssl101j, I get the same results with the following in both my
vhost config and nginx.conf

ssl_protocols TLSv1.2 TLSv1.1;
ssl_ciphers
EECDH+aRSA+AESGCM:EECDH+aRSA+AES:EDH+aRSA+AESGCM:EDH+aRSA+AES:DES-CB
C3-SHA:!EXP:!CAMELLIA:!DSS:!MEDIUM:!LOW:!aNULL:!eNULL:!RC4;
ssl_prefer_server_ciphers on;

RC4 cipher is used with TLS 1.1 or newer protocols, even though stronger
ciphers are available.

What the hell am I doing wrong?

On Fri, Oct 17, 2014 at 6:14 AM, itpp2012 <nginx-forum@nginx.us> wrote:

> Scott Larson Wrote:
> -------------------------------------------------------
> > Something else must be going on here. Looking at your ssl_cipher
> > string, you're opening with a rough declaration of specific ciphers
> > you'll
> > support, none of which should pull in RC4. It's specific enough in
> > fact
> > that your subsequent excluded ciphers don't even come into play. To
> > test
> > this I switched in my old RSA cert, rebuilt 1.7.6 against OpenSSL
> > 1.0.1j,
>
> Which is why I said try 101j, between 101e and j there are big differences
> when it comes to invalid fallbacks.
> Not even mentioning using 101e is asking to be hacked.
>
> Posted at Nginx Forum:
> http://forum.nginx.org/read.php?2,254028,254092#msg-254092
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>



--
Jessica K. Litwin
jessicalitwin.com
twitter: press5
aim: press5key
skype: dr_jkl
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

issue with ssl_ciphers not being respected

Jessica Litwin October 16, 2014 03:42AM

Re: issue with ssl_ciphers not being respected

itpp2012 October 16, 2014 04:52AM

Re: issue with ssl_ciphers not being respected

Maxim Dounin October 16, 2014 09:12AM

Re: issue with ssl_ciphers not being respected

Jessica Litwin October 16, 2014 01:32PM

Re: issue with ssl_ciphers not being respected

mex October 16, 2014 04:23PM

Re: issue with ssl_ciphers not being respected

Jessica Litwin October 16, 2014 04:30PM

Re: issue with ssl_ciphers not being respected

Scott Larson October 16, 2014 04:56PM

Re: issue with ssl_ciphers not being respected

Jessica Litwin October 16, 2014 05:04PM

Re: issue with ssl_ciphers not being respected

Scott Larson October 16, 2014 07:38PM

Re: issue with ssl_ciphers not being respected

itpp2012 October 17, 2014 06:14AM

Re: issue with ssl_ciphers not being respected

Jessica Litwin October 17, 2014 07:30PM

Re: issue with ssl_ciphers not being respected

Scott Larson October 17, 2014 07:42PM

Re: issue with ssl_ciphers not being respected

Jessica Litwin October 17, 2014 07:56PM

Re: issue with ssl_ciphers not being respected

Jessica Litwin October 17, 2014 08:18PM

Re: issue with ssl_ciphers not being respected

mex October 18, 2014 05:59AM

Re: issue with ssl_ciphers not being respected

mex October 16, 2014 05:02PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 80
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready