I have nginx configured to use ssl_ciphers PROFILE=SYSTEM;.
And I have Alma Linux configured to use the DEFAULT crypto policy:
~$ update-crypto-policies --show
DEFAULT
From the RHEL 9 documentation:
DEFAULTThe default system-wide cryptographic policy level offers secure settings for current threat models. It allows the TLS 1.2 and 1.3 protocols, as well as the IKEv2 and SSH2 protocols. The RSA keys and Diffie-Hellman parameters are accepted if they are at least 2048 bits long.
So far so good. This is exactly what I want - using the system-wide crypto policy also for nginx.
The problem is the order of ciphers provided by this configuration. The "older" ciphers are first in the list and the more modern (with forward secrecy) are after them. That means if the client supports (and almost all of them do) some of the older cipher suites from the beggining of the list, nginx with ssl_prefer_server_ciphers on; selects that cipher instead of one of the stronger ones that are further down the list.
One solution that comes to my mind is switching ssl_prefer_server_ciphers off; in the nginx config. Then the ordering from the client would be used instead of the ordering from the server. Is it a good idea?
nginx selects that cipher instead of one of the stronger ones that are further down the list.tell us all about how you measured that. – Greg Askew Nov 21 '23 at 12:29ssl_prefer_server_ciphersconfiguration. If I understand the TLS handshake correctly, the client sends its list of supported cipher suites and in the case ofssl_prefer_server_ciphers on, thenginxserver selects the first from the list of server-supported cipher suites, that is also supported by the client. – McLayn Nov 23 '23 at 16:14ssl_prefer_server_cipherssee Setting ssl_prefer_server_ciphers directive in nginx config for details. – miken32 Feb 20 '24 at 21:31