On Sun, Mar 10, 2013 at 9:40 AM, Grant <[email protected]> wrote:
>>> I can probably dump a lot of apache config. I still need SSL on both
>>> servers even though only nginx faces the user?
>>
>> You don't need SSL at both. Only nginx is enough.
>> But to ensure nginx performs well at SSL, follow this -
>> http://matt.io/entry/ur
>
> Thanks for the link. Which ssl_ciphers do you use? Which one does
> openssl show you're using? I have:
>
> ssl_ciphers ALL:!aNULL:!ADH:!eNULL:!MEDIUM:!LOW:!EXP:!kEDH:RC4+RSA:+HIGH;
>
> and 'openssl s_client -host HOSTNAME -port 443' shows:
>
> Cipher : ECDHE-RSA-AES256-GCM-SHA384
>
> I also get "Verify return code: 20 (unable to get local issuer
> certificate)" from that command but I'm guessing that's OK since I get
> the same when using www.google.com as the HOSTNAME.
>
> - Grant
>

I use exactly the one specified at the blog entry. I didn't test it
with openssl, but seemed to play well with browsers [presently no ssl
host on my server]

--
Nilesh Govindrajan
http://nileshgr.com
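
Added example, not part of the original messages: one way to see which suites the `ssl_ciphers` string quoted above actually enables is to expand it with the OpenSSL library that Python is linked against and group the result by property. The output depends on that OpenSSL build, which may differ from the one nginx uses; the function names `expand` and `audit` are illustrative.

```python
import ssl

# Cipher string quoted in the message above (the nginx ssl_ciphers value).
CIPHER_STRING = "ALL:!aNULL:!ADH:!eNULL:!MEDIUM:!LOW:!EXP:!kEDH:RC4+RSA:+HIGH"


def expand(cipher_string):
    """Return the suites the local OpenSSL enables, in preference order."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return ctx.get_ciphers()


def audit(suites):
    """Group suite names by properties a reviewer would want to flag."""
    findings = {"rc4": [], "no_auth": [], "no_forward_secrecy": [],
                "below_128_bits": []}
    for s in suites:
        name = s["name"]
        if "RC4" in name:
            findings["rc4"].append(name)
        if s["auth"] == "auth-null":
            findings["no_auth"].append(name)
        # Ephemeral (EC)DHE exchanges contain "dhe"; TLS 1.3 suites report
        # "kx-any" and always use an ephemeral exchange.
        if "dhe" not in s["kea"] and s["kea"] != "kx-any":
            findings["no_forward_secrecy"].append(name)
        if s["strength_bits"] < 128:
            findings["below_128_bits"].append(name)
    return findings


if __name__ == "__main__":
    suites = expand(CIPHER_STRING)
    print(ssl.OPENSSL_VERSION)
    for s in suites:
        print(f'{s["protocol"]:8} {s["kea"]:14} {s["strength_bits"]:4} {s["name"]}')
    for label, names in audit(suites).items():
        print(f"{label}: {len(names)} suite(s)", ", ".join(names[:5]))
```

On the command line, `openssl ciphers -v 'STRING'` prints the same expansion for the OpenSSL binary installed on the server.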

