Re: SSL Ciphers

2015-03-19 Thread Anton Yuzhaninov
On 03/19/15 15:29, Дилян Палаузов wrote: Can you tell me, why doesn't nginx support all ciphers printed by openssl cipher using the same cipher-string? Some cipher suites depend on certificate type. E. g. for ECDHE-ECDSA-* you need ECC-based certificate. __

SSL Ciphers

2015-03-19 Thread Дилян Палаузов
Hello, I have nginx linked openssl 1.0.2 and nginx and configured with ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH CAMELLIA SHA256 SHA384 !aNULL !eNULL !LOW -3DES !MD5 !EX

Re: nginx and ssl ciphers

2015-03-18 Thread Scott Larson
823 8238 x1106 <310%20823%208238%20x1106> | M 310 904 8818 <310%20904%208818>* On Wed, Mar 18, 2015 at 2:55 PM, ManuelRighi wrote: > Hello, > I need to configure my nginx web server with only specific ssl ciphers. > I need to use only this ciphers: > > TLS_RSA_

nginx and ssl ciphers

2015-03-18 Thread ManuelRighi
Hello, I need to configure my nginx web server with only specific ssl ciphers. I need to use only this ciphers: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035) TLS_RSA_WITH_AES_128_CBC_SHA (0x002f) TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a) TLS_RSA_WITH_RC4_128_MD5 (0x0004) TLS_RSA_WITH_RC4_128_SHA (0x0005

Re: SSL ciphers preference

2014-09-01 Thread B.R.
Loud and clear. I am no expert at OpenSSL cypher suites. I found that resource that might prove useful on their own website. At least, that is a start to understand what you are do

Re: SSL ciphers preference

2014-09-01 Thread Maxim Dounin
Hello! On Mon, Sep 01, 2014 at 04:56:00PM +0200, B.R. wrote: > Hello, > > I filled a (now closed, because erroneous) enhancement ticket: > http://trac.nginx.org/nginx/ticket/619 > > As it appears, the change I noticed in the SSl test did not result from my > malformed ciphers list. > Right abou

SSL ciphers preference

2014-09-01 Thread B.R.
Hello, I filled a (now closed, because erroneous) enhancement ticket: http://trac.nginx.org/nginx/ticket/619 As it appears, the change I noticed in the SSl test did not result from my malformed ciphers list. Right about that. However, what is intriguing is the answer Maxim gave me on the second

Re: SSL ciphers, disable or not to disable RC4?

2014-01-13 Thread Axel
Am 12.1.2014 20:08, schrieb Darren Pilgrim: HIGH will add in only high-grade ciphers, so you don't need to add them manually or exclude export- and low-grade ciphers. You can use @STRENGTH to sort the list for you instead of doing it by hand: ssl_ciphers HIGH:!CAMELLIA:!RC4:!PSK:!aNULL:@STRENGT

Re: SSL ciphers, disable or not to disable RC4?

2014-01-12 Thread Darren Pilgrim
On 1/12/2014 9:42 AM, Axel wrote: I juggled around with ssl ciphers and tried to disable RC4, but still be able to serve IE under WinXP. Those ciphers are my choice - if anyone has 'better' ciphers or prefers another order i am pleased to hear... ssl_ciphers ECDHE-RSA-AES256-GCM-SH

Re: SSL ciphers, disable or not to disable RC4?

2014-01-12 Thread Axel
I juggled around with ssl ciphers and tried to disable RC4, but still be able to serve IE under WinXP. Those ciphers are my choice - if anyone has 'better' ciphers or prefers another order i am pleased to hear... ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384

Re: SSL ciphers, disable or not to disable RC4?

2014-01-09 Thread Jeffrey Walton
On Thu, Jan 9, 2014 at 4:53 AM, Lukas Tribus wrote: >> My current values in my nginx configuration for ssl_protocols/ciphers >> what i use is this: >> >> ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; >> ssl_ciphers RC4:HIGH:!aNULL:!MD5; >> ssl_prefer_server_ciphers on; >> >> What are todays recommend

Re: SSL ciphers, disable or not to disable RC4?

2014-01-09 Thread Jeffrey Walton
On Thu, Jan 9, 2014 at 4:53 AM, Lukas Tribus wrote: >> My current values in my nginx configuration for ssl_protocols/ciphers >> what i use is this: >> >> ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; >> ssl_ciphers RC4:HIGH:!aNULL:!MD5; >> ssl_prefer_server_ciphers on; >> >> What are todays recommend

RE: SSL ciphers, disable or not to disable RC4?

2014-01-09 Thread Lukas Tribus
Hi, > My current values in my nginx configuration for ssl_protocols/ciphers > what i use is this: > > ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; > ssl_ciphers RC4:HIGH:!aNULL:!MD5; > ssl_prefer_server_ciphers on; > > What are todays recommendations for ssl_ciphers option for supporting > all curr

Re: SSL ciphers, disable or not to disable RC4?

2014-01-09 Thread Jeffrey Walton
On Thu, Jan 9, 2014 at 4:29 AM, wrote: > Hi > > My current values in my nginx configuration for ssl_protocols/ciphers what i > use is this: > > ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; > ssl_ciphers RC4:HIGH:!aNULL:!MD5; > ssl_prefer_server_ciphers on; > > What are todays recomm

Re: SSL ciphers, disable or not to disable RC4?

2014-01-09 Thread nano
On 9/01/2014 8:29 PM, pekka.pan...@sofor.fi wrote: Hi My current values in my nginx configuration for ssl_protocols/ciphers what i use is this: ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers RC4:HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; What are todays recommendations for

SSL ciphers, disable or not to disable RC4?

2014-01-09 Thread Pekka . Panula
Hi My current values in my nginx configuration for ssl_protocols/ciphers what i use is this: ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers RC4:HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; What are todays recommendations for ssl_ciphers option for supporting all curr