I have nginx configured to use `ssl_ciphers PROFILE=SYSTEM;`.
And I have Alma Linux configured to use the DEFAULT crypto policy:
~$ update-crypto-policies --show
DEFAULT
From the RHEL 9 documentation:
DEFAULT
The default system-wide cryptographic policy level offers secure settings for current threat models. It allows the TLS 1.2 and 1.3 protocols, as well as the IKEv2 and SSH2 protocols. The RSA keys and Diffie-Hellman parameters are accepted if they are at least 2048 bits long.
So far so good. This is exactly what I want - using the system-wide crypto policy also for nginx.
The problem is the order of ciphers provided by this configuration. The "older" ciphers are first in the list and the more modern ones (with forward secrecy) are after them. That means if the client supports (and almost all of them do) some of the older cipher suites from the beginning of the list, nginx with `ssl_prefer_server_ciphers on;` selects that cipher instead of one of the stronger ones that are further down the list.
One solution that comes to my mind is switching `ssl_prefer_server_ciphers off;` in the nginx config. Then the ordering from the client would be used instead of the ordering from the server. Is it a good idea?
Anyway, I would still like to propose to someone to order the default list of ciphers according to their strength. Because the client can be using the same list of cipher suites ordered from older to stronger. Whom should I contact? RHEL, OpenSSL, nginx?
"nginx selects that cipher instead of one of the stronger ones that are further down the list."
tell us all about how you measured that.

ssl_prefer_server_ciphers configuration. If I understand the TLS handshake correctly, the client sends its list of supported cipher suites and in the case of `ssl_prefer_server_ciphers on`, the nginx server selects the first from the list of server-supported cipher suites that is also supported by the client.
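As an added illustration (not code from the question, nor from nginx or OpenSSL), a small Python model of the selection rule discussed above, with constructed TLS 1.2 suite lists; it also includes a check that flags suites without forward secrecy listed ahead of forward-secret ones, which is the ordering problem the question describes.

```python
# Added example: a model of how an OpenSSL-based server such as nginx picks a
# TLS 1.2 cipher suite, showing why the order of the ssl_ciphers list matters
# when ssl_prefer_server_ciphers is on. Suite lists are constructed for
# illustration and are not copied from any real crypto policy.

# Constructed server list in the shape the question describes: suites with
# static RSA key exchange (no forward secrecy) listed before ECDHE/DHE suites.
SERVER_SUITES = [
    "AES256-GCM-SHA384",
    "AES128-GCM-SHA256",
    "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "DHE-RSA-AES256-GCM-SHA384",
]

# Constructed ClientHello order: a modern client that prefers forward secrecy.
CLIENT_SUITES = [
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES256-GCM-SHA384",
    "AES128-GCM-SHA256",
]

def has_forward_secrecy(suite):
    # In OpenSSL TLS 1.2 naming an ephemeral (EC)DH key exchange is spelled out
    # in the suite name; plain "AES..." names use static RSA key exchange.
    return suite.startswith(("ECDHE-", "DHE-"))

def select_cipher(server, client, prefer_server):
    """Return the negotiated suite, or None if the lists share nothing.
    prefer_server=True  models ssl_prefer_server_ciphers on: walk the server
                        list, take the first suite the client also offers.
    prefer_server=False models ssl_prefer_server_ciphers off: walk the client
                        list, take the first suite the server also allows."""
    first, second = (server, client) if prefer_server else (client, server)
    allowed = set(second)
    for suite in first:
        if suite in allowed:
            return suite
    return None

def non_pfs_before_pfs(server):
    """Report every non-forward-secret suite listed ahead of the first
    forward-secret suite (the ordering the question complains about)."""
    pfs_positions = [i for i, s in enumerate(server) if has_forward_secrecy(s)]
    head = server[:pfs_positions[0]] if pfs_positions else server
    return [s for s in head if not has_forward_secrecy(s)]

if __name__ == "__main__":
    print("server preference:", select_cipher(SERVER_SUITES, CLIENT_SUITES, True))
    print("client preference:", select_cipher(SERVER_SUITES, CLIENT_SUITES, False))
    print("non-PFS suites listed first:", non_pfs_before_pfs(SERVER_SUITES))
```

With the constructed lists, server preference yields AES128-GCM-SHA256 (no forward secrecy) while client preference yields ECDHE-RSA-AES128-GCM-SHA256.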