Kihaguru Gathura writes:

[...]
> TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Non-compliant with HIPAA guidance
> TLS_RSA_WITH_CAMELL TLS_RSA_WITH_CAMELLIA_128_CBC_SHA Non-compliant with HIPAA guidance
> TLS_RSA_WITH_CAMELLIA_128_CBC_SHA Non-compliant with HIPAA guidance
> Under what circumstances could these ciphers be not considered for
> HIPAA compliance?

These aren't known to the HIPAA standard, and it doesn't allow unknown ciphers. Just disable the Camellia ciphers and you'll pass the validation.

You'll run into similar issues passing PCI-DSS. We use the following settings to make the various validators happy:

    ssl_ciphers "HIGH:!DES:!3DES:!CHACHA20:!RC4:!MD5:!aNULL:!EDH:!CAMELLIA";
    ssl_prefer_server_ciphers on;

--lyndon
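
An added example, not part of the original message: a Python check that expands the cipher string from the reply above with the local OpenSSL and lists any enabled suite from the families the validator flagged. The `BASELINE` string and the helper names are assumptions made for illustration; TLS 1.3 suites are reported separately because an OpenSSL cipher string only governs TLS 1.2 and earlier.

```python
import ssl

# Cipher string from the reply above; BASELINE is an assumed comparison point.
PAGE_CIPHERS = "HIGH:!DES:!3DES:!CHACHA20:!RC4:!MD5:!aNULL:!EDH:!CAMELLIA"
BASELINE = "HIGH:!aNULL"
# Algorithm families the quoted validator output objected to.
FLAGGED = ("CAMELLIA", "CHACHA20")


def expand(cipher_string):
    """Return (legacy, tls13) suite names the local OpenSSL enables.

    set_ciphers() only controls TLS 1.2 and earlier; TLS 1.3 suites are
    configured separately, so they are collected on their own.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    legacy, tls13 = [], []
    for cipher in ctx.get_ciphers():
        bucket = tls13 if cipher["protocol"] == "TLSv1.3" else legacy
        bucket.append(cipher["name"])
    return legacy, tls13


def flagged(names, families=FLAGGED):
    """Suite names that belong to one of the flagged algorithm families."""
    return sorted(n for n in names if any(f in n for f in families))


def audit(cipher_string):
    """Summarise what a cipher string leaves enabled on this host."""
    legacy, tls13 = expand(cipher_string)
    return {
        "legacy": legacy,
        "legacy_flagged": flagged(legacy),
        "tls13_flagged": flagged(tls13),
    }


if __name__ == "__main__":
    for label, string in (("baseline", BASELINE), ("reply", PAGE_CIPHERS)):
        result = audit(string)
        print(f"{label}: {len(result['legacy'])} TLS<=1.2 suites enabled")
        print("  flagged (TLS<=1.2):", result["legacy_flagged"] or "none")
        print("  flagged (TLS 1.3): ", result["tls13_flagged"] or "none")
```

The output depends on the OpenSSL build on the host, so run it on the machine that terminates TLS. A non-empty TLS 1.3 list means the cipher string alone does not remove that suite.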