Opened 12 years ago

Closed 12 years ago

Last modified 11 years ago

#177 closed defect (fixed)

docs: default ssl_ciphers value should be corrected

Reported by: Артем Давыдов Owned by: Ruslan Ermilov
Priority: minor Milestone:
Component: other Version:
Keywords: ssl insecure ciphersuites Cc:
uname -a:
nginx -V: nginx version: nginx/1.2.1
TLS SNI support enabled
configure arguments: --prefix=/usr/local/etc/nginx --with-cc-opt='-I /usr/local/include' --with-ld-opt='-L /usr/local/lib' --conf-path=/usr/local/etc/nginx/nginx.conf --sbin-path=/usr/local/sbin/nginx --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx-error.log --user=www --group=www --with-file-aio --http-client-body-temp-path=/var/tmp/nginx/client_body_temp --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi_temp --http-proxy-temp-path=/var/tmp/nginx/proxy_temp --http-scgi-temp-path=/var/tmp/nginx/scgi_temp --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi_temp --http-log-path=/var/log/nginx-access.log --with-http_flv_module --with-http_gzip_static_module --with-http_stub_status_module --with-pcre --with-http_ssl_module

Description (last modified by Maxim Dounin)

Documentation for ssl_ciphers needs updating, it still lists "HIGH:!ADH:!MD5" (and suggests to use !ADH in the example).

Change History (6)

comment:1 by Maxim Dounin, 12 years ago

Resolution: invalid
Status: newclosed

Default is HIGH:!aNULL:!MD5 since 1.0.5.

comment:2 by Артем Давыдов, 12 years ago

Maxim, then documentation should be changed to reflect this. It still states that insecure defaults are being used.

Version 0, edited 12 years ago by Артем Давыдов (next)

comment:3 by Артем Давыдов, 12 years ago

Resolution: invalid
Status: closedreopened

comment:4 by Maxim Dounin, 12 years ago

Component: nginx-moduleother
Description: modified (diff)
Owner: changed from somebody to Ruslan Ermilov
Status: reopenedassigned
Summary: Default ssl_ciphers value should be correcteddocs: default ssl_ciphers value should be corrected
Version: 1.2.x

Yes, docs should be updated. Ruslan is looking into this.

comment:5 by Ruslan Ermilov, 12 years ago

Resolution: fixed
Status: assignedclosed

In [539/nginx_org]:

(The changeset message doesn't reference this ticket)

comment:6 by Ruslan Ermilov <ru@…>, 11 years ago

In 58dd64aef626782e152b958552542e1173bb031f/nginx_org:

Documented ciphers used by default in modern nginx versions (closes #177).

Note: See TracTickets for help on using tickets.