>> After reading "nginx does not suck at ssl":
>>
>> http://matt.io/entry/ur
>>
>> I'm using:
>>
>> ssl_ciphers
>> ALL:!aNULL:!ADH:!eNULL:!MEDIUM:!LOW:!EXP:!kEDH:RC4+RSA:+HIGH;
>
> Some of us use the following to mitigate BEAST attacks:
> ssl_ciphers
> ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!aNULL:!MD5:!EDH;

Thanks Mark, this is supposed to mitigate BEAST as well and it's only slightly different than the default:

ssl_ciphers RC4:HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;

Here is mex's link again:

https://www.ssllabs.com/ssltest/

I use the following for better performance:

ssl_ciphers RC4:HIGH:!aNULL:!MD5:!kEDH;

Reference:

http://www.hybridforge.com/blog/nginx-ssl-ciphers-and-pci-compliance

- Grant
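
To check what each ssl_ciphers string quoted in this thread actually expands to on a given host, the strings can be resolved through the local OpenSSL library. This is an added example, not part of the original messages; the function names and dictionary labels are hypothetical. It assumes Python's ssl module is linked against the same OpenSSL as nginx; current OpenSSL builds leave RC4 out by default and always list the TLS 1.3 suites.

```python
import ssl
from collections import Counter

# ssl_ciphers strings copied from the thread (labels are made up for this example)
THREAD_STRINGS = {
    "first_post": "ALL:!aNULL:!ADH:!eNULL:!MEDIUM:!LOW:!EXP:!kEDH:RC4+RSA:+HIGH",
    "mark": "ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!aNULL:!MD5:!EDH",
    "grant": "RC4:HIGH:!aNULL:!MD5",
    "grant_no_kedh": "RC4:HIGH:!aNULL:!MD5:!kEDH",
}


def resolve(cipher_string):
    """Return the suites OpenSSL selects for the string, in preference order."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing is selected
    return ctx.get_ciphers()


def key_exchange_counts(cipher_string):
    """Count selected suites per key exchange ('kx-rsa', 'kx-ecdhe', 'kx-dhe', ...)."""
    return Counter(c["kea"] for c in resolve(cipher_string))


def dropped_by(base, stricter):
    """Names of suites that `base` selects and `stricter` does not."""
    kept = {c["name"] for c in resolve(stricter)}
    return [c["name"] for c in resolve(base) if c["name"] not in kept]


if __name__ == "__main__":
    for label, cipher_string in THREAD_STRINGS.items():
        suites = resolve(cipher_string)
        print(f"{label}: {len(suites)} suites, first = {suites[0]['name']}")
        print("  key exchange:", dict(key_exchange_counts(cipher_string)))
    # The only difference between the last two strings is the ephemeral
    # finite-field DH key exchange that !kEDH excludes.
    print("removed by !kEDH:",
          dropped_by(THREAD_STRINGS["grant"], THREAD_STRINGS["grant_no_kedh"]))
```

With ssl_prefer_server_ciphers on, the first suite in each resolved list that the client also offers is the one negotiated, so the order printed here matters as much as the membership.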
