Symptoms
like to get rid of ciphers marked as WEAK
https://www.ssllabs.com/ssltest/analyze.html
- before
How to secure SSL
- before
nginx.conf
...
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.2 TLSv1.1;
# ssl_protocols TLSv1.2; # Score=100
ssl_dhparam /etc/nginx/dhparam.pem;
ssl_ciphers "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5;!CAMELLIA";
# ssl_ciphers AES256+EECDH:!aNULL; # Score=100
...
- after
nginx.conf
...
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.2 TLSv1.1;
# ssl_protocols TLSv1.2; # Score=100
ssl_dhparam /etc/nginx/dhparam.pem;
# ssl_ciphers "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5;!CAMELLIA";
ssl_ciphers "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!aNULL:!MD5;!CAMELLIA";
# ssl_ciphers AES256+EECDH:!aNULL; # Score=100
Done