Opened 12 years ago

Last modified 11 years ago

#177 closed defect

docs: default ssl_ciphers value should be corrected — at Version 4

Reported by: Артем Давыдов Owned by: Ruslan Ermilov
Priority: minor Milestone:
Component: other Version:
Keywords: ssl insecure ciphersuites Cc:
uname -a:
nginx -V: nginx version: nginx/1.2.1
TLS SNI support enabled
configure arguments: --prefix=/usr/local/etc/nginx --with-cc-opt='-I /usr/local/include' --with-ld-opt='-L /usr/local/lib' --conf-path=/usr/local/etc/nginx/nginx.conf --sbin-path=/usr/local/sbin/nginx --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx-error.log --user=www --group=www --with-file-aio --http-client-body-temp-path=/var/tmp/nginx/client_body_temp --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi_temp --http-proxy-temp-path=/var/tmp/nginx/proxy_temp --http-scgi-temp-path=/var/tmp/nginx/scgi_temp --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi_temp --http-log-path=/var/log/nginx-access.log --with-http_flv_module --with-http_gzip_static_module --with-http_stub_status_module --with-pcre --with-http_ssl_module

Description (last modified by Maxim Dounin)

Documentation for ssl_ciphers needs updating, it still lists "HIGH:!ADH:!MD5" (and suggests to use !ADH in the example).

Change History (4)

comment:1 by Maxim Dounin, 12 years ago

Resolution: invalid
Status: newclosed

Default is HIGH:!aNULL:!MD5 since 1.0.5.

comment:2 by Артем Давыдов, 12 years ago

Maxim, then documentation should be changed to reflect this. It still states that insecure defaults are being used.
http://www.nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ciphers
http://www.nginx.org/ru/docs/http/ngx_http_ssl_module.html#ssl_ciphers

Btw, is there any track for documentation errata?

Last edited 12 years ago by Артем Давыдов (previous) (diff)

comment:3 by Артем Давыдов, 12 years ago

Resolution: invalid
Status: closedreopened

comment:4 by Maxim Dounin, 12 years ago

Component: nginx-moduleother
Description: modified (diff)
Owner: changed from somebody to Ruslan Ermilov
Status: reopenedassigned
Summary: Default ssl_ciphers value should be correcteddocs: default ssl_ciphers value should be corrected
Version: 1.2.x

Yes, docs should be updated. Ruslan is looking into this.

Note: See TracTickets for help on using tickets.