I juggled around with ssl ciphers and tried to disable RC4, but still be
able to serve IE under WinXP.
Those ciphers are my choice - if anyone has 'better' ciphers or prefers
another order i am pleased to hear...
ssl_ciphers
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-
AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES256-SHA256:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-
CBC3-SHA:AES256-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!PSK:!RC4:!MD5:!LOW;
You can test your ciphers online at https://www.ssllabs.com
rgds
Am 9.1.2014 10:29, schrieb pekka.pan...@sofor.fi:
Hi
My current values in my nginx configuration for ssl_protocols/ciphers
what i use is this:
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers RC4:HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
What are todays recommendations for ssl_ciphers option for supporting
all current OSes and browsers, even Windows XP users with IE?
Can i disable RC4?
My nginx is compiled with OpenSSL v1.0.1.
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
