Meaning of ssl_ciphers line on nginx.conf
9,931
HIGH, LOW, EXPORT etc are kind of macros which include a range of ciphers. To get the actual ciphers use openssl ciphers
command, i.e.
$ openssl ciphers -V 'HIGH:!aNULL:!MD5'
0xC0,0x30 - ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
0xC0,0x2C - ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
0xC0,0x28 - ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
0xC0,0x24 - ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
....
Since the contents of these macros differs between OpenSSL versions you should run this command with the OpenSSL on the servers system. For more details about the ciphers and macros see the man page of the ciphers command.
Author by
Ben Nelson
Updated on September 18, 2022Comments
-
Ben Nelson over 1 year
What is the meaning of the following line from an nginx.conf file?
ssl_ciphers HIGH:!aNULL:!MD5;
I know the ssl cipher is specifying which algorithm to use to secure the server communication and I'm assuming !aNULL and !MD5 is specifying to not allow communications using those ciphers but I have no idea what HIGH: specifies.