How to disable weak ciphers on nginx

I’ve read and reposted this post here https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ that explains how to remove some weak ciphers from nginx and apache.

It has been useful but I’ve found I needed to edit the string a little and remove some ciphers that Qualis SSL check considered weak.

Here’s the string, in case you have a similar need.

ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS:!AES256+GCM+SHA256:!AES128-GCM-SHA256:!AES256-GCM-SHA384:!AES128-SHA:!AES128-SHA256:!AES256-SHA:!AES256-SHA256

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s