I am trying to understand cipher settings in nginx.

ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # What TLS types are supported
ssl_prefer_server_ciphers on; # Use the type that the server prefers
ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+RC4:EDH+aRSA:EECDH:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;

But when it comes to the ssl_ciphers I don't understand the string. For example, what do 'EECDH+ECDSA+AESGCM', 'EECDH+ECDSA+SHA256' and '!PSK:!SRP:!DSS' mean?

Does the data that is transferred between the client and server go through a specific encryption chain, like for example 'EECDH+ECDSA+SHA256'?

Thanks for any help and guidance!

Araw

1 Answer

This page gives some useful information.

Here's a piece from the page that gives you a pretty good idea what it's doing:

Cipher Suites

Choosing cipher suites can be difficult and their names may look complex, but they can be easily broken down into their components. Take the following suite:

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

The components are:

TLS - the protocol used
ECDHE - the key exchange mechanism
ECDSA - the algorithm of the authentication key
AES - the symmetric encryption algorithm
128 - the key size of the above
GCM - the mode of the above
SHA256 - the MAC used by the algorithm
Tim
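
The following is an added example, not part of the original question or answer, and not OpenSSL's own code. It is a simplified model of how the `ssl_ciphers` string from the question is evaluated: each colon-separated rule either appends matching suites in order (`+` meaning "and") or, with `!`, removes them permanently. The function names and the list of available suites are constructed for illustration.

```python
# Added example: simplified model of how OpenSSL evaluates an ssl_ciphers string.
# Keywords absent from the table (eNULL, LOW, EXP, PSK, SRP) match nothing here.
def parse_suite(name):
    """Break an IANA suite name into the components listed in the answer."""
    left, right = name.split("_WITH_")
    parts = left.split("_")                 # e.g. ["TLS", "ECDHE", "ECDSA"]
    *cipher, digest = right.split("_")      # e.g. ["AES", "128", "GCM"], "SHA256"
    return {"name": name, "kx": parts[1], "auth": parts[-1], "hash": digest,
            "cipher": "_".join(cipher), "aead": cipher[-1] == "GCM"}

KEYWORDS = {
    "EECDH":  lambda s: s["kx"] == "ECDHE",     # ephemeral ECDH key exchange
    "EDH":    lambda s: s["kx"] == "DHE",       # ephemeral DH key exchange
    "ECDSA":  lambda s: s["auth"] == "ECDSA",   # certificate holds an ECDSA key
    "aRSA":   lambda s: s["auth"] == "RSA",     # certificate holds an RSA key
    "DSS":    lambda s: s["auth"] == "DSS",     # certificate holds a DSS key
    "aNULL":  lambda s: s["auth"] == "anon",    # no authentication at all
    "AESGCM": lambda s: s["cipher"].startswith("AES") and s["aead"],
    "RC4":    lambda s: s["cipher"].startswith("RC4"),
    "3DES":   lambda s: s["cipher"].startswith("3DES"),
    "SHA256": lambda s: s["hash"] == "SHA256" and not s["aead"],  # MAC only
    "MD5":    lambda s: s["hash"] == "MD5",
}

def select(cipher_string, available):
    """Return suite names in preference order after applying every rule."""
    suites = [parse_suite(n) for n in available]
    chosen, banned = [], set()
    for rule in cipher_string.split(":"):
        words = rule.lstrip("!").split("+")     # '+' means logical AND
        hits = [s["name"] for s in suites
                if all(KEYWORDS.get(w, lambda s: False)(s) for w in words)]
        if rule.startswith("!"):                # '!' removes suites for good
            banned.update(hits)
            chosen = [n for n in chosen if n not in banned]
        else:                                   # otherwise append new matches
            chosen += [n for n in hits if n not in chosen and n not in banned]
    return chosen

# Constructed sample of suites a TLS library might offer (not from the page).
AVAILABLE = """TLS_RSA_WITH_RC4_128_MD5
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_RC4_128_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256""".split()
QUESTION = ("EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+RC4:"
            "EDH+aRSA:EECDH:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS")
```

Calling `select(QUESTION, AVAILABLE)` returns the suites in the order the string prefers them. On a real server, `openssl ciphers -v` with the same string lists what the installed OpenSSL build actually selects.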