Theodore Baschak

Routing Guru. IPv6 Advocate. Operator of Hextet Systems (AS395089).

SSL Ciphers

Sun, 12 Jan 2014 23:44:23 -0600 » SSL, Networking, System Administration » Estimated read time: 1 min

This page is outdated. Please use the Mozilla SSL Configuration Generator to generate a secure configuration.

SSL/TLS protocol versions and ciphers have never really been something people configured very tightly. Lately, though, there are very valid reasons to ensure that SSL, where applied, uses the best methods available to protect confidentiality and integrity. Sites such as can help test your web server's configuration. Weak ciphers give a false sense of security. There are attacks against SSL/TLS.

The following is the set I use for this site (at the time of publishing):

ssl_protocols  SSLv3 TLSv1 TLSv1.1 TLSv1.2;

The same settings are also useful (under different config value names) in things like dovecot.conf and Apache's SSL vhost configs.
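As an added example (not code from the original post or from nginx), a small Python check that finds every ssl_protocols directive in an nginx config and flags protocol versions the IETF has since deprecated, including the SSLv3, TLSv1 and TLSv1.1 entries in the line shown earlier. The sample config and the function names are constructed for illustration.

```python
import re

# Deprecated by the IETF: SSLv2 (RFC 6176), SSLv3 (RFC 7568), TLS 1.0/1.1 (RFC 8996).
DEPRECATED = {"SSLv2": "RFC 6176", "SSLv3": "RFC 7568",
              "TLSv1": "RFC 8996", "TLSv1.1": "RFC 8996"}

# Constructed sample config; the first active ssl_protocols line is the one from this post.
SAMPLE_CONF = """\
server {
    listen 443 ssl;
    # ssl_protocols SSLv2 SSLv3;   (commented out, must be ignored)
    ssl_protocols  SSLv3 TLSv1 TLSv1.1 TLSv1.2;
}
server {
    listen 8443 ssl;
    ssl_protocols TLSv1.2
                  TLSv1.3;
}
"""

def audit_ssl_protocols(conf_text):
    """Return (line_no, enabled, deprecated) for each ssl_protocols directive."""
    # Drop comments but keep newlines so match offsets still map to line numbers.
    # Simplification: a '#' inside a quoted string is treated as a comment too.
    stripped = re.sub(r"#[^\n]*", "", conf_text)
    findings = []
    # The lookbehind skips proxy_ssl_protocols and similar upstream-side directives.
    for m in re.finditer(r"(?<![\w.])ssl_protocols\s+([^;{}]+);", stripped):
        line_no = stripped.count("\n", 0, m.start()) + 1
        enabled = m.group(1).split()
        weak = [p for p in enabled if p in DEPRECATED]
        findings.append((line_no, enabled, weak))
    return findings

def report(findings):
    """Format findings as one human-readable line per directive."""
    lines = []
    for line_no, enabled, weak in findings:
        if weak:
            detail = ", ".join(f"{p} ({DEPRECATED[p]})" for p in weak)
            lines.append(f"line {line_no}: deprecated protocols enabled: {detail}")
        else:
            lines.append(f"line {line_no}: ok ({' '.join(enabled)})")
    return lines

if __name__ == "__main__":
    print("\n".join(report(audit_ssl_protocols(SAMPLE_CONF))))
```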