September 15, 2022 – Hackfi

Remove weak Ciphers SSL – nginx

GCM is preferred over CBC

Verify with cipher is being used?

nmap --script ssl-enum-ciphers -p 443 example.com

update nginx.conf

ssl_ciphers         HIGH:!aNULL:!MD5!TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256;

https://superuser.com/questions/109213/how-do-i-list-the-ssl-tls-cipher-suites-a-particular-website-offers

https://stackoverflow.com/questions/62900667/aws-alb-prevent-usage-of-tls-ecdhe-rsa-with-aes-128-cbc-sha256

Implement HTTPOnly and Secure Cookie

Added header in nginx.conf

add_header Set-Cookie "Path=/; HttpOnly; Secure";

How to verify?

Developer tool > Application > Storage > Cookies

https://geekflare.com/httponly-secure-cookie-nginx/