Hassan Baig

Setting ssl_prefer_server_ciphers directive in nginx config

This question is about setting the correct value of ssl_prefer_server_ciphers while configuring nginx.

According to a fairly typical config suggested by Mozilla, the value should be off (source: https://ssl-config.mozilla.org/#server=nginx&server-version=1.17.7&config=intermediate&openssl-version=1.0.1g).

According to nginx's own documentation, one should always set this to on: https://www.nginx.com/blog/nginx-https-101-ssl-basics-getting-started/ (search the document for ssl_prefer_server_ciphers).

I'm stumped as to which advice to follow. Both sources are pretty solid.

Can some industry experts chime in regarding when one should turn this off, and when on? Would also love to know the rationale.