Dukemaster
Regular Pleskian
Hi,
today I updated ngx_pagespeed, it is running like a charm with TLS 1.3. But in Qualys ssllabs.com I discovered that the recent cipher list should also get an update.
Here is the cipher list in /etc/nginx/conf.d/ssl.conf
Please, could somebody tell me and other user how the cipher list should look like after to prevend the weak ciphers. Normally the weak ciphers are no problem, but we want to be perfect...
Greets
today I updated ngx_pagespeed, it is running like a charm with TLS 1.3. But in Qualys ssllabs.com I discovered that the recent cipher list should also get an update.
Here is the cipher list in /etc/nginx/conf.d/ssl.conf
Code:
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers 'TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
ssl_prefer_server_ciphers on;
ssl_ecdh_curve secp384r1;
Please, could somebody tell me and other user how the cipher list should look like after to prevend the weak ciphers. Normally the weak ciphers are no problem, but we want to be perfect...
Greets