ssl_ciphers

Sets the list of ciphers to be used for SSL/TLS connections in NGINX.

Syntax: ssl_ciphers string;
Default: none
Context: http, server
Arguments: 1

Description

The ssl_ciphers directive in NGINX specifies which ciphers are permitted for SSL/TLS connections, allowing administrators to control the cryptographic algorithms that can be used for secure communications. This directive takes a single argument: a cipher list string, formatted as specified in OpenSSL or NGINX's documentation.

The order of the ciphers is significant; the server will attempt to use the ciphers in the listed order to negotiate secure connections with clients. If a client does not support any of the ciphers specified, it will be unable to establish a secure connection with the server. It is important for server administrators to select ciphers that provide adequate security and are supported by the clients that are expected to connect. By setting this directive, they can mitigate vulnerabilities associated with older or weak ciphers and limit the range of attacks against the secure connections.

For more advanced configurations, this directive can also be combined with other SSL-related directives like ssl_protocols and ssl_prefer_server_ciphers for a better security posture. When using this directive, proper testing and validation should be done to ensure the desired level of security is achieved and to maintain compatibility with client applications.

Config Example

ssl_ciphers 'HIGH:!aNULL:!MD5';

Ensure that the specified ciphers are supported by your version of OpenSSL and NGINX.

Using outdated or weak ciphers can expose your server to security vulnerabilities.

Make sure to regularly update cipher lists to comply with the latest security standards.
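
One way to do the validation described above is to expand a cipher string and inspect what it actually permits. The following is an added example, not part of the original page or of NGINX: it uses Python's ssl module, which may be linked against a different OpenSSL build than your NGINX binary, and the stricter string ECDHE+AESGCM is chosen here only for comparison.

```python
import ssl

# Key-exchange labels (as reported by OpenSSL) that provide forward secrecy.
FORWARD_SECRET_KX = {"kx-ecdhe", "kx-dhe", "kx-ecdhe-psk", "kx-dhe-psk"}


def expand(cipher_string):
    """Return the suites an OpenSSL cipher string selects, in list order."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        # OpenSSL rejects a string that matches no suite at all.
        return []
    # TLS 1.3 suites are configured separately in OpenSSL and are not
    # governed by this cipher string, so they are left out of the audit.
    return [c for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def audit(cipher_string):
    """Map each selected suite with a weakness to the reasons it was flagged."""
    findings = {}
    for c in expand(cipher_string):
        reasons = []
        if c.get("kea") not in FORWARD_SECRET_KX:
            reasons.append("no forward secrecy")
        if not c.get("aead"):
            reasons.append("not AEAD (CBC or similar mode)")
        if c.get("strength_bits", 0) < 128:
            reasons.append("under 128 bits")
        if reasons:
            findings[c["name"]] = reasons
    return findings


if __name__ == "__main__":
    # First string is the page's example; second is a constructed comparison.
    for cipher_string in ("HIGH:!aNULL:!MD5", "ECDHE+AESGCM"):
        suites = expand(cipher_string)
        flagged = audit(cipher_string)
        print(f"{cipher_string}: {len(suites)} suites, {len(flagged)} flagged")
        for name, reasons in flagged.items():
            print(f"  {name}: {', '.join(reasons)}")
```

An empty result from expand() means the local OpenSSL build matched nothing in the string, the same condition under which a server would have no suite to offer.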
