"nginx does not suck at ssl"

After reading “nginx does not suck at ssl”:

http://matt.io/entry/ur

I’m using:

ssl_ciphers
ALL:!aNULL:!ADH:!eNULL:!MEDIUM:!LOW:!EXP:!kEDH:RC4+RSA:+HIGH;

Is this a good choice?

  • Grant

one quote from that post i can confirm:

nobody has any idea how SSL performance works

esp. when it comes to CIPER1 vs CIPHER, compared
oin terms of speed and security.

what i can suggest to test if your ssl-implementation is stil
secure from a cipher-pov is
https://www.ssllabs.com/ssltest/

Grant Wrote:

  • Grant

nginx mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,237175,237179#msg-237179

one quote from that post i can confirm:

nobody has any idea how SSL performance works

esp. when it comes to CIPER1 vs CIPHER, compared
oin terms of speed and security.

what i can suggest to test if your ssl-implementation is stil
secure from a cipher-pov is
https://www.ssllabs.com/ssltest/

All things considered, do you think it’s best to leave ssl_ciphers
default?

  • Grant

On Sat, 9 Mar 2013 21:55:13 -0800, Grant [email protected] wrote:

After reading “nginx does not suck at ssl”:

http://matt.io/entry/ur

I’m using:

ssl_ciphers
ALL:!aNULL:!ADH:!eNULL:!MEDIUM:!LOW:!EXP:!kEDH:RC4+RSA:+HIGH;

Some of us use the following to mitigate BEAST attacks:
ssl_ciphers
ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!aNULL:!MD5:!EDH;

r.

M.

ssl_ciphers ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!aNULL:!MD5:!EDH;
Thanks Mark, this is supposed to mitigate BEAST as well and it’s only
slightly different than the default:

ssl_ciphers RC4:HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;

Here is mex’s link again:
https://www.ssllabs.com/ssltest/

I use the following for better performance:

ssl_ciphers RC4:HIGH:!aNULL:!MD5:!kEDH;

Reference:
http://www.hybridforge.com/blog/nginx-ssl-ciphers-and-pci-compliance

  • Grant

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs