$ssl_ciphers

The $ssl_ciphers variable contains the list of SSL/TLS ciphers used for the current connection. — NGINX Core (HTTP)

Description

NGINX sets the `$ssl_ciphers` variable automatically while processing HTTPS requests. It holds the string representation of the cipher suites negotiated between the client and the server during the SSL/TLS handshake. It is particularly useful for logging and debugging, because it lets the server administrator see which cipher suites are being used for secure connections. The variable is populated only when the SSL module is enabled in NGINX, and it applies only in server blocks that handle SSL connections.

A typical value for `$ssl_ciphers` might look like 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384', a colon-separated list of cipher suite names. The exact ciphers that appear in this variable depend on the `ssl_ciphers` configuration directive defined within the NGINX server context, as well as on the client's capabilities and preferences during the handshake.

In practice, `$ssl_ciphers` can also support security measures such as HSTS (HTTP Strict Transport Security) by allowing administrators to conditionally adjust their configurations based on the strength of the ciphers used. This adherence to secure communication protocols enhances the overall safety of web applications.

Config Example

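server {
    listen 443 ssl;
    ssl_certificate     /path/to/certificate.crt;
    ssl_certificate_key /path/to/private.key;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384';
    # Note: the predefined "combined" format does not include $ssl_ciphers;
    # a custom log_format is needed to record the variable in this log.
    access_log /var/log/nginx/ssl_ciphers.log combined;

    # location blocks must be nested inside the server block
    location / {
        # Sends the cipher list back to the client in a response header
        add_header X-Cipher-Used "$ssl_ciphers";
    }
}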

Subsystem

http

Cacheable

Yes

Contexts

http, server, location, if

Ensure that the SSL module is compiled and enabled in your NGINX installation; otherwise, the variable will be empty.

Avoid using this variable in non-SSL server blocks to prevent unexpected behavior.

When logging or displaying the value of `$ssl_ciphers`, ensure proper handling to avoid exposing sensitive information. In production environments, displaying such information can be a security risk.
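To act on the logged values the Description mentions, the following added example (not part of this page or of NGINX itself) parses access-log lines and reports clients whose `$ssl_ciphers` value contains weak suites, including the hexadecimal tokens NGINX emits for ciphers it cannot name. It assumes a custom `log_format` ending in a quoted `$ssl_ciphers` field; that format, the weak-name policy and the sample lines are constructed for illustration.

```python
import re

# Assumed log_format (not from the page):
#   '$remote_addr [$time_local] "$request" $status "$ssl_ciphers"'
LINE_RE = re.compile(r'^(\S+) \[[^\]]+\] "[^"]*" \d{3} "([^"]*)"$')
HEX_RE = re.compile(r"^0x[0-9a-fA-F]+$")
# Name components treated as weak here: an illustrative policy, not exhaustive.
WEAK_PARTS = {"RC4", "DES", "NULL", "EXP", "MD5", "ADH", "AECDH"}

# Constructed sample lines (documentation-range IPs), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 [12/Mar/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384"
198.51.100.7 [12/Mar/2024:10:00:05 +0000] "GET /login HTTP/1.1" 200 "ECDHE-RSA-AES128-GCM-SHA256:DES-CBC3-SHA:RC4-MD5:0x00ff"
203.0.113.4 [12/Mar/2024:10:00:09 +0000] "GET / HTTP/1.1" 200 "-"
not a log line
"""

def classify(value):
    """Sort the names in one colon-separated $ssl_ciphers value into buckets."""
    buckets = {"ok": [], "weak": [], "unknown": []}
    if value in ("", "-"):          # nginx logs "-" when the variable is empty
        return buckets
    for name in value.split(":"):
        if HEX_RE.match(name):      # cipher shown in hexadecimal instead of by name
            buckets["unknown"].append(name)
        elif WEAK_PARTS & set(name.split("-")):
            buckets["weak"].append(name)
        else:
            buckets["ok"].append(name)
    return buckets

def audit(log_text):
    """Return ({client_ip: sorted weak cipher names}, count of unparsable lines)."""
    findings, skipped = {}, 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1
            continue
        weak = classify(m.group(2))["weak"]
        if weak:
            findings.setdefault(m.group(1), set()).update(weak)
    return {ip: sorted(names) for ip, names in findings.items()}, skipped

if __name__ == "__main__":
    report, skipped = audit(SAMPLE_LOG)
    for ip, names in report.items():
        print(f"{ip}: weak suites in $ssl_ciphers: {', '.join(names)}")
    print(f"unparsable lines: {skipped}")
```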