Remove weak Ciphers SSL – nginx

GCM is preferred over CBC

  • Verify with cipher is being used?
nmap --script ssl-enum-ciphers -p 443 example.com
  • update nginx.conf
ssl_ciphers         HIGH:!aNULL:!MD5!TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256;

https://superuser.com/questions/109213/how-do-i-list-the-ssl-tls-cipher-suites-a-particular-website-offers

https://stackoverflow.com/questions/62900667/aws-alb-prevent-usage-of-tls-ecdhe-rsa-with-aes-128-cbc-sha256

Published by

Alok

DevSecOps

Leave a Reply

Your email address will not be published. Required fields are marked *