Feedback SSL Ciphers Query

Discussion in 'AlmaLinux 8 & Rocky Linux 8 Beta Testing' started by cloud9, Mar 9, 2023.

  1. cloud9

    1. Hetzner CX21 40GB

    2.
    1st:
    130.00beta01.b246 #Thu Nov 17 21:43:33 UTC 2022
    ..
    last 10:
    130.00beta01.b275 #Wed Feb 15 14:01:50 UTC 2023
    130.00beta01.b277 #Tue Feb 21 20:47:19 UTC 2023
    130.00beta01.b277 #Tue Feb 21 20:48:04 UTC 2023
    130.00beta01.b277 #Tue Feb 21 20:53:39 UTC 2023
    130.00beta01.b277 #Tue Feb 28 17:34:48 UTC 2023
    130.00beta01.b277 #Tue Feb 28 17:38:41 UTC 2023
    130.00beta01.b277 #Tue Feb 28 21:40:15 UTC 2023
    130.00beta01.b277 #Wed Mar 8 20:02:12 UTC 2023
    130.00beta01.b277 #Wed Mar 8 20:17:51 UTC 2023
    130.00beta01.b277 #Wed Mar 8 20:19:09 UTC 2023



    3.


    Architecture: x86_64

    CPU op-mode(s): 32-bit, 64-bit
    Byte Order: Little Endian
    CPU(s): 2
    On-line CPU(s) list: 0,1
    Thread(s) per core: 1
    Core(s) per socket: 2
    Socket(s): 1
    NUMA node(s): 1
    Vendor ID: GenuineIntel
    CPU family: 6
    Model: 85
    Model name: Intel Xeon Processor (Skylake, IBRS)
    Stepping: 4
    CPU MHz: 2099.998
    BogoMIPS: 4199.99
    Hypervisor vendor: KVM
    Virtualization type: full
    L1d cache: 32K
    L1i cache: 32K
    L2 cache: 4096K
    L3 cache: 16384K
    NUMA node0 CPU(s): 0,1
    Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology eagerfpu pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch invpcid_single ssbd rsb_ctxsw ibrs ibpb fsgsbase bmi1 hle avx2 smep bmi2 erms invpcid rtm avx512f avx512dq rdseed adx smap clwb avx512cd avx512bw avx512vl xsaveopt xsavec xgetbv1 arat pku ospke md_clear spec_ctrl

    total used free shared buff/cache available
    Mem: 3693 841 795 188 2056 2389
    Low: 3693 2897 795
    High: 0 0 0
    Swap: 1023 5 1018
    Total: 4717 847 1813

    Filesystem Type Size Used Avail Use% Mounted on
    devtmpfs devtmpfs 1.8G 0 1.8G 0% /dev
    tmpfs tmpfs 1.9G 0 1.9G 0% /dev/shm
    tmpfs tmpfs 1.9G 193M 1.7G 11% /run
    tmpfs tmpfs 1.9G 0 1.9G 0% /sys/fs/cgroup
    /dev/sda1 ext4 38G 15G 22G 40% /
    /dev/loop0 ext4 5.8G 25M 5.5G 1% /tmp
    tmpfs tmpfs 370M 0 370M 0% /run/user/0

    Edited

    Code:
    /usr/local/nginx/conf/conf.d/MYDOMAIN.co.uk.ssl.conf 
    for this line

    Code:
    ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384;
    Restarted Nginx, Rebuilt Nginx, rebooted VPS
    Testing in SSH and on SSL Labs, it's still reporting 128-bit ciphers?

    Code:
    TLSv1.2 (server order -- server prioritizes ChaCha ciphers when preferred by clients)
     xc02b   ECDHE-ECDSA-AES128-GCM-SHA256     ECDH 253   AESGCM      128      TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
     xcc14   ECDHE-ECDSA-CHACHA20-POLY1305-OLD ECDH 253   ChaCha20    256      TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD
     xcca9   ECDHE-ECDSA-CHACHA20-POLY1305     ECDH 253   ChaCha20    256      TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
     xc009   ECDHE-ECDSA-AES128-SHA            ECDH 253   AES         128      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
     xc02c   ECDHE-ECDSA-AES256-GCM-SHA384     ECDH 253   AESGCM      256      TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
     xc00a   ECDHE-ECDSA-AES256-SHA            ECDH 253   AES         256      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
     xc023   ECDHE-ECDSA-AES128-SHA256         ECDH 253   AES         128      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
     xc024   ECDHE-ECDSA-AES256-SHA384         ECDH 253   AES         256      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
    TLSv1.3 (no server order, thus listed by strength)
     x1302   TLS_AES_256_GCM_SHA384            ECDH 253   AESGCM      256      TLS_AES_256_GCM_SHA384
     x1303   TLS_CHACHA20_POLY1305_SHA256      ECDH 253   ChaCha20    256      TLS_CHACHA20_POLY1305_SHA256
     x1301   TLS_AES_128_GCM_SHA256            ECDH 253   AESGCM      128      TLS_AES_128_GCM_SHA256    

    Am I missing something ?
     
    Last edited: Mar 9, 2023
  2. eva2000

    Whether they're 128-bit or 256-bit doesn't mean they're less or more secure; it's the actual SSL ciphers that matter. What are you trying to do? Maybe test out the tools/switch-nginx-ciphers.sh tool
    https://community.centminmod.com/threads/add-tools-switch-nginx-ciphers-sh-in-123-09beta01.21403/

    Pay attention to the note on using Cloudflare or a proxy in front of your Centmin Mod Nginx server.
    So if you use Cloudflare in front of Centmin Mod Nginx, changing Nginx SSL ciphers won't have any impact on Cloudflare edge-served SSL ciphers. If you pay $10/month for Cloudflare Advanced Certificate Management, then you can use the Cloudflare API to alter the default Cloudflare edge SSL ciphers to your liking too.

    and local testssl option in the script https://community.centminmod.com/th...-ciphers-sh-in-123-09beta01.21403/#post-89155
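
An added example, not part of the original thread or of Centmin Mod: a quick offline check that compares the `ssl_ciphers` line from the first post with the scan rows it quotes, to tell whether the scan reached this Nginx or some other TLS endpoint such as a proxy edge. The function names are hypothetical, and the parser assumes the directive lists explicit cipher names (no OpenSSL keywords such as `HIGH`).

```python
# Added example: both inputs are copied from the first post (constructed sample).
NGINX_DIRECTIVE = (
    "ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
    "DHE-RSA-AES256-GCM-SHA384;"
)
SCAN_OUTPUT = """\
TLSv1.2 (server order -- server prioritizes ChaCha ciphers when preferred by clients)
 xc02b   ECDHE-ECDSA-AES128-GCM-SHA256     ECDH 253   AESGCM      128      TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
 xcc14   ECDHE-ECDSA-CHACHA20-POLY1305-OLD ECDH 253   ChaCha20    256      TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD
 xcca9   ECDHE-ECDSA-CHACHA20-POLY1305     ECDH 253   ChaCha20    256      TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
 xc009   ECDHE-ECDSA-AES128-SHA            ECDH 253   AES         128      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
 xc02c   ECDHE-ECDSA-AES256-GCM-SHA384     ECDH 253   AESGCM      256      TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
 xc00a   ECDHE-ECDSA-AES256-SHA            ECDH 253   AES         256      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
 xc023   ECDHE-ECDSA-AES128-SHA256         ECDH 253   AES         128      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
 xc024   ECDHE-ECDSA-AES256-SHA384         ECDH 253   AES         256      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLSv1.3 (no server order, thus listed by strength)
 x1302   TLS_AES_256_GCM_SHA384            ECDH 253   AESGCM      256      TLS_AES_256_GCM_SHA384
 x1303   TLS_CHACHA20_POLY1305_SHA256      ECDH 253   ChaCha20    256      TLS_CHACHA20_POLY1305_SHA256
 x1301   TLS_AES_128_GCM_SHA256            ECDH 253   AESGCM      128      TLS_AES_128_GCM_SHA256
"""

def configured_ciphers(directive):
    # Explicit cipher names from "ssl_ciphers A:B:C;" (assumes no keyword strings).
    value = directive.strip().rstrip(";").split(None, 1)[1]
    return [name for name in value.split(":") if name]

def offered_ciphers(scan):
    # Map protocol -> [(openssl_name, key_bits)] from the scan rows quoted in the post.
    offered, proto = {}, None
    for line in scan.splitlines():
        parts = line.split()
        if parts and parts[0].startswith(("TLSv", "SSLv")):
            proto = parts[0]
            offered[proto] = []
        elif proto and len(parts) == 7 and parts[0].startswith("x"):
            offered[proto].append((parts[1], int(parts[5])))
    return offered

def not_from_this_config(directive, scan, proto="TLSv1.2"):
    # Non-empty result: the scan hit an endpoint that is not using this directive.
    # TLSv1.3 is skipped because OpenSSL handles those suites apart from ssl_ciphers.
    allowed = set(configured_ciphers(directive))
    return [n for n, _ in offered_ciphers(scan).get(proto, []) if n not in allowed]

if __name__ == "__main__":
    for name in not_from_this_config(NGINX_DIRECTIVE, SCAN_OUTPUT):
        print("offered but not in ssl_ciphers:", name)
```

Six of the eight TLSv1.2 suites in the quoted scan are absent from the edited directive, which is the pattern to expect when a proxy in front of the origin terminates TLS.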
     
  3. cloud9

    That will be it then, it's behind Cloudflare on the free plan......

    Thank you
     
  4. duderuud

    Problem with Cloudflare SSL is that you don't have any control over the ciphers.
    Some default ciphers are deemed unsafe (or to be discontinued) like AES128-SHA and AES256-SHA256.

    You can tweak the cipher suite but you have to pay $10 a month extra for that.