
nginx cipher list vulnerable to BEAST?

Open doherty opened this issue 11 years ago • 2 comments

When I used the ciphers listed in the nginx example, and ran the Qualys SSL server test, I was informed that it was vulnerable to BEAST.

I've used ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH instead.

doherty, Feb 16 '13 17:02

Submit a pull request with your diff?

It would also be useful to see two server reports - one for each config.

Ultimately, most browsers have implemented a fix for BEAST - so short of GCM, I think only using RC4 is going to be the surefire thing to stop those kinds of reports. I'm not actually sure I trust RC4 over AES but it sure has been a bad year for CBC!

ioerror, Feb 17 '13 06:02

See #13.

doherty, Feb 21 '13 20:02
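
The ordering question discussed in this thread, as an added example that is not part of the issue or of duraconf: BEAST concerns CBC suites negotiated under TLS 1.0 or earlier, so this Python code reads `openssl ciphers -v` output and reports the first suite a TLS 1.0 client would be given. It assumes the server's order is honoured (nginx `ssl_prefer_server_ciphers on`) and that the client supports every suite; the two listings are constructed samples, and this is not the Qualys test's logic.

```python
# Constructed sample lines in `openssl ciphers -v` format (OpenSSL 1.0.x style).
# They are NOT the expansion of any cipher string quoted in this thread.
CBC_FIRST = """\
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
"""
RC4_FIRST = """\
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD
RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
"""


def parse(listing):
    """Yield (name, protocol, mode) for each line of `openssl ciphers -v` output."""
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        name, proto = fields[0], fields[1]
        attrs = dict(f.split("=", 1) for f in fields[2:] if "=" in f)
        enc, mac = attrs.get("Enc", ""), attrs.get("Mac", "")
        if enc.startswith("None"):
            mode = "null"      # no encryption at all
        elif enc.startswith("RC4"):
            mode = "stream"    # stream cipher, no CBC chaining
        elif mac == "AEAD":
            mode = "aead"      # GCM and similar, TLS 1.2 and later only
        else:
            mode = "cbc"       # assumption: any other suite is a CBC block cipher
        yield name, proto, mode


def first_pre_tls12_suite(listing):
    """First suite in server order that a TLS 1.0 client can negotiate, or None."""
    for name, proto, mode in parse(listing):
        if proto not in ("TLSv1.2", "TLSv1.3"):
            return name, mode
    return None


def prefers_cbc_for_tls10(listing):
    """True when the server's first choice for a TLS 1.0 client is a CBC suite."""
    choice = first_pre_tls12_suite(listing)
    return choice is not None and choice[1] == "cbc"
```

To check a real configuration, pass the output of `openssl ciphers -v` for the configured cipher string to `prefers_cbc_for_tls10` in place of the constructed listings.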