Jump to content

SSL Ciphers


Recommended Posts


I added this to nginx:


ssl_prefer_server_ciphers on;


And in my site, Chrome reports AES_128_GCM and ECDHE_RSA, just like in this site.

The issue is that ssllabs gives this site an A score, and my site gets a B score, apparently because the directive above has some weak ciphers.

Well, they say this: "This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B."

Any help to fix that?

Link to comment
Share on other sites

Don't worry about it, all current browsers/mobile can handle SNI (older browsers will have trouble with IPS anyway). It means your hosts is serving different SSL certs on the same IP. That wasn't possible until SNI came along.

For example I have autoitscript.com and autoitconsulting.com on the same IP with two different SSL certs. That uses SNI to work. Otherwise I would have to have two IP addresses and each site bound to a different IP.

Link to comment
Share on other sites

I've install startssl in a cloudlinux server (server.it). and I don't have buy ssl cert. nor static ip. but cause of it also my domain don't have sni. so, xp user with iexplorer (or other user with old android mobile ecc) cannot access in my website.

I hope isn't a large percentage :p

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...