Meaning of ssl_ciphers line on nginx.conf

nginx ssl configuration ssl-certificate openssl

9,931

HIGH, LOW, EXPORT etc are kind of macros which include a range of ciphers. To get the actual ciphers use openssl ciphers command, i.e.

 $ openssl ciphers -V 'HIGH:!aNULL:!MD5'
      0xC0,0x30 - ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
      0xC0,0x2C - ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
      0xC0,0x28 - ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
      0xC0,0x24 - ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA384
      ....

Since the contents of these macros differs between OpenSSL versions you should run this command with the OpenSSL on the servers system. For more details about the ciphers and macros see the man page of the ciphers command.

9,931

Author by

Ben Nelson

Updated on September 18, 2022

Comments

Ben Nelson over 1 year
What is the meaning of the following line from an nginx.conf file?
```
ssl_ciphers HIGH:!aNULL:!MD5;
```
I know the ssl cipher is specifying which algorithm to use to secure the server communication and I'm assuming !aNULL and !MD5 is specifying to not allow communications using those ciphers but I have no idea what HIGH: specifies.