determining which SSL ciphers to use in server block

Question

I am following along to the tutorial how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-14-04 and on Step 3 the author suggests I allow only “the most secure SSL protocols and ciphers” and then provides ciphers within some code to add to my server block.

I was wondering if anyone can explain how the author came to decide on these ciphers specifically? After searching I found lots of other ciphers such as the ones provided on mozilla.org or a recommended suite from https://raymii.org.

Could I use these ciphers instead? Should I?

Thanks for reading. As you can see I am trying to understand ciphers.

Answer 1

rascul July 27, 2016

https://cipherli.st/ maintains a decent list. Also you can use https://www.ssllabs.com/ssltest/ to determine which ciphers you wish to use.

Reply Report

Answer 2

Elizine July 28, 2016

The most recent cipher suites use RSA, ECDH, or ECDSA for authentication, ECDHE for key exchange, AES for encryption, and GCM for integrity, but a large number of older and backward-compatibility cipher suites also exist.

Source - https://securityevaluators.com/knowledge/blog/20150119-protocols/

Reply Report

Related

Question

determining which SSL ciphers to use in server block

Related

Leave a comment

Looking for something else?

Sign up for our newsletter

Related

Question

determining which SSL ciphers to use in server block

Related

Leave a comment

Related

question

Its not working on Ubuntu 14.04 anymore. always getting Unable to locate package python-certbot-nginx

question

Problem installing wordpress on subdomain (nginx / ubuntu)

question

GUI for MongoDB needed to mange Meteor app

question

Why are snapshots so slow

Looking for something else?