Kihaguru Gathura writes:
[...]
> TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Non-compliant with HIPAA guidance
> TLS_RSA_WITH_CAMELL TLS_RSA_WITH_CAMELLIA_128_CBC_SHA Non-compliant
> with HIPAA guidance
> TLS_RSA_WITH_CAMELLIA_128_CBC_SHA Non-compliant with HIPAA guidance

> Under what circumstances could these ciphers be not considered for
> HIPAA compliance?

These aren't known to the HIPAA standard, and it doesn't allow
unknown ciphers. Just disable the Camellia ciphers and you'll pass
the validation.

You'll run into similar issues passing PCI-DSS.  We use the following
settings to make the various validators happy:

    ssl_ciphers "HIGH:!DES:!3DES:!CHACHA20:!RC4:!MD5:!aNULL:!EDH:!CAMELLIA";
    ssl_prefer_server_ciphers on;

--lyndon
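To see what the cipher string above enables on a particular host before a validator runs, the following added example (not part of the original message) expands it with Python's `ssl` module against the local OpenSSL build. The function names and the list of excluded families are assumptions made for illustration; OpenSSL configures TLS 1.3 suites separately from this string, so they are listed on their own.

```python
import ssl

# Cipher string from the reply above (the value given to nginx's ssl_ciphers).
PAGE_CIPHERS = "HIGH:!DES:!3DES:!CHACHA20:!RC4:!MD5:!aNULL:!EDH:!CAMELLIA"

# Families the string is meant to remove, as substrings of OpenSSL suite
# names (assumption: chosen here to mirror the "!" terms in the string).
EXCLUDED_FAMILIES = ("CAMELLIA", "CHACHA20", "RC4", "DES", "MD5")
ANON_PREFIXES = ("ADH-", "AECDH-")  # OpenSSL names for anonymous (aNULL) suites


def expand(cipher_string):
    """Return (legacy, tls13) suite-name lists the local OpenSSL would enable."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    legacy, tls13 = [], []
    for suite in ctx.get_ciphers():
        # The cipher string only governs TLS 1.2 and below; keep 1.3 apart.
        bucket = tls13 if suite["protocol"] == "TLSv1.3" else legacy
        bucket.append(suite["name"])
    return legacy, tls13


def leftovers(cipher_string, families=EXCLUDED_FAMILIES):
    """Suites for TLS 1.2 and below that still belong to an excluded family."""
    legacy, _ = expand(cipher_string)
    return sorted(
        name for name in legacy
        if name.startswith(ANON_PREFIXES) or any(f in name for f in families)
    )


if __name__ == "__main__":
    legacy, tls13 = expand(PAGE_CIPHERS)
    print("OpenSSL build:", ssl.OPENSSL_VERSION)
    print("TLS <= 1.2 suites enabled by the string:")
    for name in legacy:
        print("   ", name)
    print("TLS 1.3 suites (not controlled by the string):", ", ".join(tls13) or "none")
    print("Excluded families still present:", leftovers(PAGE_CIPHERS) or "none")
```
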
