SSL Cipher suites settings in Nginx webserver

kaushalshriyan · May 3, 2021, 4:49pm

Hi,

I am using Lets Encrypt SSL Certificates for Nginx 1.20.00 webserver running on CentOS Linux release 7.9.2009 (Core). I will appreciate it if someone can guide me to set the cipher suites in the Nginx Webserver config. I am referring to https://ssl-config.mozilla.org/. Is there a way to verify if the below cipher suites set are accurate and are free from any vulnerabilities?

$openssl version
OpenSSL 1.0.2k-fips 26 Jan 2017

$cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)

$nginx -v
nginx version: nginx/1.20.0

ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;

Please guide me and I look forward to hearing from you. Thanks in Advance.

Best Regards,

Kaushal

Rip · May 3, 2021, 4:54pm

Hi @kaushalshriyan and Welcome to the community!

Check out this link:
https://ssl-config.mozilla.org/#server=nginx&version=nginx/1.20.0&config=intermediate&openssl=1.0.2k-fips&guideline=5.6

Hope this helps
Rip

griffin · May 3, 2021, 5:10pm

You can also utilize the SSL Labs Server Test to identify any weak protocols you might have.

system · June 2, 2021, 5:11pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.