SSL Cipher suites settings in Nginx webserver

Hi,

I am using Lets Encrypt SSL Certificates for Nginx 1.20.00 webserver running on CentOS Linux release 7.9.2009 (Core). I will appreciate it if someone can guide me to set the cipher suites in the Nginx Webserver config. I am referring to https://ssl-config.mozilla.org/. Is there a way to verify if the below cipher suites set are accurate and are free from any vulnerabilities?

$openssl version
OpenSSL 1.0.2k-fips 26 Jan 2017

$cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)

$nginx -v
nginx version: nginx/1.20.0

ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;

Please guide me and I look forward to hearing from you. Thanks in Advance.

Best Regards,

Kaushal

2 Likes

Hi @kaushalshriyan and Welcome to the community!

Check out this link:
https://ssl-config.mozilla.org/#server=nginx&version=nginx/1.20.0&config=intermediate&openssl=1.0.2k-fips&guideline=5.6

Hope this helps
Rip

3 Likes

You can also utilize the SSL Labs Server Test to identify any weak protocols you might have.

2 Likes