The Mozilla configuration tool for ciphers is generally the best source
for cipher information, they update it regularly as things change in
terms of "best ciphers to utilize" and security issues crop up.

All of those ciphers, in my opinion, are fine.  The discussion of
whether these ciphers are free from vulnerabilities however is not an
NGINX issue, and an OpenSSL / SSL Spec discussion that extends far
beyond NGINX.


Thomas


On 5/3/21 12:47 PM, Kaushal Shriyan wrote:
> Hi,
>
> I am using Lets Encrypt SSL Certificates for Nginx 1.20.00 webserver
> running on CentOS Linux release 7.9.2009 (Core). I will appreciate it
> if someone can guide me to set the cipher suites in the Nginx
> Webserver config. I am referring to https://ssl-config.mozilla.org/
> https://ssl-config.mozilla.org/. Is there a way to verify if the
> below cipher suites set are accurate and are free from any
> vulnerabilities?
>
> $openssl version
> OpenSSL 1.0.2k-fips  26 Jan 2017
> $cat /etc/redhat-release
> CentOS Linux release 7.9.2009 (Core)
> $nginx -v
> nginx version: nginx/1.20.0
>
> ssl_ciphers
> ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
>
> Please guide and I look forward to hearing from you. Thanks in Advance.
>
> Best Regards,
>
> Kaushal
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx