1

I am trying to install this plugin on Wordpress which fails to communicate with my server, and the plugin developer says it's because my cipher suites don't match their requirement. https://www.polipayments.com/Nudge (requirements at the bottom)

I've updated my /etc/nginx/conf.d/ssl.conf to include the following ssl ciphers:

ssl_protocols TLSv1.3 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256';
ssl_prefer_server_ciphers on;

Restarted my server, yet when querying my site with SSL Labs, I see these ciphers:

SSL Labs Ciphers

I'm at a loss as to why my server (Ubuntu 18.04 running nginx) is not updating these ciphers. Have I forgotten to do something, or done something wrong?

Jamie Sutton
  • 11
  • 2
  • 1
    I'm not sure what your question is here. Are you asking why you don't see specific ciphers you expected (which ones?). Or are you wondering about the TLS 1.3 ciphers you did not explicitly specify? Or something else? Note also that ECDSA ciphers are only possible if you are using an ECC certificate. – Steffen Ullrich Dec 09 '20 at 07:36
  • 1
    And for recent nginx (I think Ubuntu18.04 uses nginx1.14.0) DHE ciphers are only possible if you [specify ssl_dhparam](http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_dhparam) with a file you will probably need to generate with `openssl dhparam 2048` or equivalent (@Steffen) – dave_thompson_085 Dec 09 '20 at 08:42
  • You don't need all the ciphers they listed; any one is sufficient. – Michael Hampton Dec 09 '20 at 15:15

0 Answers0