nginx deals with an underlying library to manage TLS-ciphered content. The webserver merely sends configuration data to it on startup/reload and uses this library to do the actual (en/de)ciphering job.
The one officially supported is OpenSSL, for which cipher strings and cipher suites are listed in its 'ciphers' module manual (man ciphers - best - or https://www.openssl.org/docs/manmaster/apps/ciphers.html - worst). You should use then to feed the ssl_ciphers <http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ciphers> directive. What is accepted ultimately depends on the version of OpenSSL (or any other TLS library) your version of nginx is linked with. --- *B. R.* On Tue, Jun 28, 2016 at 5:22 AM, vfclists . <vfcli...@gmail.com> wrote: > > <http://security.stackexchange.com/questions/128513/is-there-an-original-informaton-source-linking-output-of-qualys-ssl-report-to-se#> > > The online tool at Qualys for testing webserver SSL configurations, > https://www.ssllabs.com/ssltest/index.html, produces a list of codes like > TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_CAMELLIA_256_CBC_SHA > etc. > > There are a lot of howtos on the net, but none of them show how to relate > the actual string codes to those in the webservers. It is easy enough to > use them but there is no knowning how they arrive at those settings in > particular. > > Is there some kind of table relating the Qualys codes with the actual > codes used in nginx configurations? > > > -- > Frank Church > > ======================= > http://devblog.brahmancreations.com > > _______________________________________________ > nginx mailing list > nginx@nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx >
_______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx