Opened 12 years ago

Last modified 12 years ago

#177 closed defect

Default ssl_ciphers value should be corrected — at Initial Version

Reported by: Артем Давыдов Owned by: somebody
Priority: minor Milestone:
Component: other Version:
Keywords: ssl insecure ciphersuites Cc:
uname -a:
nginx -V: nginx version: nginx/1.2.1
TLS SNI support enabled
configure arguments: --prefix=/usr/local/etc/nginx --with-cc-opt='-I /usr/local/include' --with-ld-opt='-L /usr/local/lib' --conf-path=/usr/local/etc/nginx/nginx.conf --sbin-path=/usr/local/sbin/nginx --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx-error.log --user=www --group=www --with-file-aio --http-client-body-temp-path=/var/tmp/nginx/client_body_temp --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi_temp --http-proxy-temp-path=/var/tmp/nginx/proxy_temp --http-scgi-temp-path=/var/tmp/nginx/scgi_temp --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi_temp --http-log-path=/var/log/nginx-access.log --with-http_flv_module --with-http_gzip_static_module --with-http_stub_status_module --with-pcre --with-http_ssl_module

Description

Disable AECDH ciphersuites by default.

Current default setting of "HIGH:!ADH:!MD5;" isn't enough to disable insecure anonymous ECDH ciphersuites.

It should be changed to "HIGH:!ADH:!AECDH:!MD5;" or even to "HIGH:!aNULL:!MD5;"

Change History (0)

Note: See TracTickets for help on using tickets.