New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
How do you relate the codes in the Qualys SSL test to nginx SSL configuration codes?
How do you relate the codes in the Qualys SSL Test like TLS_ECDHE_RSA_WITH_AES_256_CBC_SH, TLS_RSA_WITH_AES_256_CBC_SHA256 to codes in the nginx configuration like ECDHE-RSA-AES256-SHA, ECDHE-ECDSA-AES256-SHA, DHE-DSS-AES256-SHA etc?
I need to remove some SSL ciphers according to my Qualys report but don't know which ones to remove. There are a lot how tos telling you what to do, but they don't explain how they are calculated or selected, and I prefer to know how to work out which one to remove, rather than follow some guide blindly.
Comments
@raymii made a nice guide
https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
It explains some stuff.
Then Mozilla explains it some more
https://wiki.mozilla.org/Security/Server_Side_TLS
I believe any cipher using MD5 is weak only due to exploits. I'm pretty sure they're calculated by ype so md5 SHA then AES and bits.
There is another SSL checker that has links to the Nginx config to get an A+, can't rmemeber the site offhand though. Think someone here made it.
Found it: https://cipherli.st
Will give you settings for A+ score.
I was going to suggest that however the site didn't load at the time..
You also can use cloudflare ssl config here:
https://github.com/cloudflare/sslconfig/blob/master/conf