Changes between Version 3 and Version 4 of Ticket #676, comment 8
- Timestamp:
- 07/26/22 00:50:27 (21 months ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #676, comment 8
v3 v4 9 9 In the default server configuration: 10 10 11 {{{ 11 12 ssl_protocols TLSv1.2 TLSv1.3; 12 13 ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384; 13 14 ssl_conf_command Ciphersuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256; 14 15 ssl_prefer_server_ciphers on; 16 }}} 15 17 16 Normally with TLSv1.3 I read that it's best to set ssl_prefer_server_ciphers setto off, because all ciphers are considered secure, and so that devices not supporting AES can choose the Chacha20 cipher instead of being forced to use18 Normally with TLSv1.3 I read that it's best to set ssl_prefer_server_ciphers to off, because all ciphers are considered secure, and so that devices not supporting AES can choose the Chacha20 cipher instead of being forced to use 17 19 AES even without hardware acceleration available to handle it, but here since you are allowing TLSv1.2, you need to prefer server ciphers for security reasons. 18 20
