After reading “nginx does not suck at ssl”:
I’m using:
ssl_ciphers ALL:!aNULL:!ADH:!eNULL:!MEDIUM:!LOW:!EXP:!kEDH:RC4+RSA:+HIGH;
Is this a good choice?
- Grant
one quote from that post i can confirm:
nobody has any idea how SSL performance works
esp. when it comes to CIPHER1 vs CIPHER, compared
in terms of speed and security.
what i can suggest to test if your ssl-implementation is still
secure from a cipher-pov is
SSL Server Test (Powered by Qualys SSL Labs)
All things considered, do you think it’s best to leave ssl_ciphers
default?
On Sat, 9 Mar 2013 21:55:13 -0800, Grant [email protected] wrote:
After reading “nginx does not suck at ssl”:
I’m using:
ssl_ciphers ALL:!aNULL:!ADH:!eNULL:!MEDIUM:!LOW:!EXP:!kEDH:RC4+RSA:+HIGH;
Some of us use the following to mitigate BEAST attacks:
ssl_ciphers ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!aNULL:!MD5:!EDH;
r.
M.
ssl_ciphers ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!aNULL:!MD5:!EDH;
Thanks Mark, this is supposed to mitigate BEAST as well and it’s only
slightly different than the default:
ssl_ciphers RC4:HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
Here is mex’s link again:
I use the following for better performance:
ssl_ciphers RC4:HIGH:!aNULL:!MD5:!kEDH;
Reference:
http://www.hybridforge.com/blog/nginx-ssl-ciphers-and-pci-compliance
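
Added example (not written by any poster in this thread and not nginx or OpenSSL code): a small Python parser for the OpenSSL cipher-list syntax that ssl_ciphers accepts, applied to the four strings posted above so they can be compared side by side. It works at keyword level only and does not expand keywords into concrete suites, which depends on the local OpenSSL build; the function names and summary fields are illustrative choices.

```python
# Added example: keyword-level parser for OpenSSL cipher-list strings.
# Syntax per ciphers(1): items are separated by ':' (',' or space also work);
# '!' removes matching ciphers permanently, '-' removes them, a leading '+'
# moves matching ciphers to the end; '+' inside an item is a logical AND.
import re

OPS = {"!": "kill", "-": "delete", "+": "move-to-end"}
DHE_KEYWORDS = {"kEDH", "EDH", "kDHE", "DHE"}  # non-EC ephemeral DH aliases

# The four ssl_ciphers values posted in this thread (labels are descriptive).
THREAD = {
    "Grant, first post": "ALL:!aNULL:!ADH:!eNULL:!MEDIUM:!LOW:!EXP:!kEDH:RC4+RSA:+HIGH;",
    "Mark": "ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!aNULL:!MD5:!EDH;",
    "Grant, follow-up": "RC4:HIGH:!aNULL:!MD5;",
    "last post": "RC4:HIGH:!aNULL:!MD5:!kEDH;",
}

def parse(cipher_string):
    """Return [(operation, [keywords ANDed together])] in evaluation order."""
    rules = []
    for item in re.split(r"[:, ]+", cipher_string.strip().rstrip(";")):
        if not item:
            continue
        if item.startswith("@"):  # directives such as @STRENGTH
            rules.append(("directive", [item[1:]]))
        elif item[0] in OPS:
            rules.append((OPS[item[0]], item[1:].split("+")))
        else:
            rules.append(("add", item.split("+")))
    return rules

def summarize(cipher_string):
    """Report the properties the thread argues about, without expanding suites."""
    rules = parse(cipher_string)
    adds = [kws for op, kws in rules if op == "add"]
    killed = {kw for op, kws in rules if op == "kill" for kw in kws}
    return {
        "first_add": "+".join(adds[0]) if adds else None,
        "requests_rc4": any("RC4" in kws for kws in adds),
        "dhe_killed": bool(killed & DHE_KEYWORDS),
        "anon_killed": "aNULL" in killed,
        "moved_to_end": ["+".join(k) for op, k in rules if op == "move-to-end"],
    }

if __name__ == "__main__":
    for who, value in THREAD.items():
        print(f"{who}: {summarize(value)}")
```

The parse makes two details of the first string visible: `+HIGH` moves HIGH ciphers to the end of the list rather than adding them, and `RC4+RSA` selects ciphers that are both RC4 and RSA. To see the concrete suites a string selects on a given machine, run `openssl ciphers -v '<string>'`.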