Re: [PATCH] update default ssl_ciphers value

Maxim Dounin
August 03, 2015 01:32PM
Hello!

On Mon, Aug 03, 2015 at 05:51:34PM +0100, Mike MacCana wrote:

> The current example value for ssl_ciphers in nginx (HIGH:!aNULL:!MD5) has a
> number of security issues, including:
>
> - Weak DH key exchange / vulnerability to logjam attack

This is not really related to the cipher suite used, but rather to
the DH parameters used. We may consider removing default DH
parameters from nginx code instead.

> - Preferring AES-CBC instead of GCM, which causes an 'obsolete cipher
> suite' message in recent versions of Chrome

There is no preference enforced by nginx by default.

> - 128 bit AES should be preferred over 192 and 256 bit AES considering
> attacks that specifically affect the larger key sizes but do not affect AES
> 128

As far as I understand, this is about related-key attacks and
doesn't really affect nginx operation. The "no preference" above
also applies.

Overall answer:

No, thanks. And even if some of the above concerns were valid, the
answer would be the same. The default is kept good enough to be
generally usable, and it doesn't try to account for any recent
cryptographic findings, nor does it try to enforce any cipher
preferences on the server. This approach is believed to be better in
a quickly changing world, assuming the administrator is not
tracking recent attacks and changing the configuration accordingly.

--
Maxim Dounin
http://nginx.org/

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
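
Added example, not part of the original message and not nginx code: a small config audit that checks the two settings the reply separates from the cipher list itself, namely whether the DH group is set explicitly with `ssl_dhparam` and whether `ssl_prefer_server_ciphers` makes the list order binding. The sample configs, the `dhparam.pem` path, the function names and the DHE-exclusion heuristic are assumptions made for illustration.

```python
import re

# Constructed sample configs (not taken from the thread).
DEFAULT_STYLE = """
server {
    listen 443 ssl;
    ssl_ciphers HIGH:!aNULL:!MD5;
}
"""
TUNED = """
server {
    listen 443 ssl;
    ssl_ciphers HIGH:!aNULL:!MD5;   # same suites; only DH group and ordering change
    ssl_dhparam /etc/nginx/dhparam.pem;   # hypothetical path
    ssl_prefer_server_ciphers on;
}
"""

# Matches uncommented "ssl_xxx value;" directives; trailing comments are ignored.
DIRECTIVE = re.compile(r"^\s*(ssl_\w+)\s+([^;#]+);", re.MULTILINE)
# Heuristic (assumption): any of these tokens removes ephemeral finite-field DH.
DHE_EXCLUSIONS = {"!DH", "!DHE", "!EDH", "!kDHE", "!kEDH"}

def audit(conf: str) -> dict:
    """Extract the settings that decide DH group and cipher ordering."""
    d = {name: value.strip() for name, value in DIRECTIVE.findall(conf)}
    ciphers = d.get("ssl_ciphers", "HIGH:!aNULL:!MD5")  # value discussed in the thread
    return {
        "ciphers": ciphers,
        "dhe_possible": not (DHE_EXCLUSIONS & set(ciphers.split(":"))),
        # No ssl_dhparam: the administrator has not chosen the DH parameters.
        "explicit_dh_group": "ssl_dhparam" in d,
        # off is the nginx default: the order of ssl_ciphers is not a preference.
        "server_order_enforced": d.get("ssl_prefer_server_ciphers", "off") == "on",
    }

def findings(conf: str) -> list:
    """Turn the audit into human-readable findings for a config review."""
    r, out = audit(conf), []
    if r["dhe_possible"] and not r["explicit_dh_group"]:
        out.append("DHE suites allowed but no ssl_dhparam: DH parameters not set by admin")
    if not r["server_order_enforced"]:
        out.append("ssl_prefer_server_ciphers off: order in ssl_ciphers is not enforced")
    return out

if __name__ == "__main__":
    for label, conf in (("default-style", DEFAULT_STYLE), ("tuned", TUNED)):
        print(label, findings(conf) or "no findings")
```

Both sample configs use the same `ssl_ciphers` string; only the DH parameters and the ordering directive differ, which is why the first produces two findings and the second none.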