Nginx Anyone here using Mozilla SSL Config > Nginx > Intermediate?

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by rdan, May 13, 2022.

  1. rdan

    rdan Premium Member Premium Member

    5,237
    1,307
    113
    May 25, 2014
    Ratings:
    +2,013
    Local Time:
    3:06 AM
    Mainline
    10.2
    https://ssl-config.mozilla.org/

    This config specifically:
    Code:
    # intermediate configuration
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;
    
    Using that config on CMM produces these errors on SSL Labs:
    [Image: upload_2022-5-13_4-30-4.png]

     
  2. rdan

    Is that normal or expected?
     
  3. eva2000

    eva2000 Administrator Staff Member

    48,519
    11,116
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +17,306
    Local Time:
    5:06 AM
    Nginx 1.21.x
    MariaDB 10.x
  4. rdan

    I switched back to the old configuration to quickly fix the red notice :).
    I assume there's no downside to supporting old clients other than A+ ratings.
     
  5. eva2000

    So you just want that older browser compatibility? Or to not see errors in SSLLabs check? If you don't have browsers that old from visitors, then it shouldn't impact your site.
     
  6. rdan

    This, having the intermediate config and no errors on SSLlab.
    But having the old config is the very safe route for now.
     
  7. eva2000

    SSLLab errors you showed above aren't a problem as long as you don't have a lot of visitors from those old web browser versions.
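
Added example, not part of the thread and not Centmin Mod code: one way to check how many current visitors the intermediate config would affect is to log the negotiated protocol and cipher and compare them with the `ssl_protocols` / `ssl_ciphers` values quoted in the first post. It assumes a custom nginx `log_format` whose last two fields are `$ssl_protocol $ssl_cipher`, and that the currently running config already offers TLSv1.2; the log lines are constructed sample data.

```python
# Added example: estimate which logged clients the intermediate config would turn away.
# Assumption: access log lines end with "$ssl_protocol $ssl_cipher" (real nginx
# variables; the log format itself is hypothetical, not taken from the thread).
from collections import Counter

# ssl_protocols / ssl_ciphers copied from the intermediate config quoted in the thread.
PROTOCOLS = {"TLSv1.2", "TLSv1.3"}
CIPHERS = set(
    "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
    "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384".split(":")
)

# Constructed sample lines (documentation IPs, made-up requests), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [13/May/2022:04:30:04 +0000] "GET / HTTP/2.0" 200 512 "-" "UA-modern" TLSv1.3 TLS_AES_256_GCM_SHA384
203.0.113.9 - - [13/May/2022:04:30:05 +0000] "GET / HTTP/1.1" 200 512 "-" "UA-old" TLSv1 ECDHE-RSA-AES128-SHA
198.51.100.7 - - [13/May/2022:04:30:06 +0000] "GET / HTTP/1.1" 200 512 "-" "UA-mid" TLSv1.2 ECDHE-RSA-AES128-SHA256
198.51.100.8 - - [13/May/2022:04:30:07 +0000] "GET / HTTP/2.0" 200 512 "-" "UA-modern" TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
192.0.2.44 - - [13/May/2022:04:30:08 +0000] "GET /health HTTP/1.1" 200 2 "-" "UA-plain" - -
"""

def classify(line):
    """Return 'ok', 'blocked', 'maybe' or 'no-tls' for one access-log line."""
    fields = line.split()
    if len(fields) < 2:
        return "no-tls"
    protocol, cipher = fields[-2], fields[-1]
    if protocol == "-":              # plain HTTP: nginx logs "-" for empty variables
        return "no-tls"
    if protocol not in PROTOCOLS:    # client negotiated below TLSv1.2 although it was offered
        return "blocked"
    if protocol == "TLSv1.3":        # TLS 1.3 suites are not selected through ssl_ciphers
        return "ok"
    # TLSv1.2 with a cipher outside the list: the client may still offer a listed
    # cipher that was simply not chosen, so treat this as an upper bound only.
    return "ok" if cipher in CIPHERS else "maybe"

def summarize(log_text):
    """Count verdicts over all non-empty lines of an access log."""
    return Counter(classify(l) for l in log_text.splitlines() if l.strip())

if __name__ == "__main__":
    for verdict, count in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{verdict:8} {count}")
```

Grouping the `blocked` and `maybe` lines by user agent shows which browser versions they come from, which can then be compared with the clients SSL Labs flags.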