Hi,

You may list down what ciphers are configured: "openssl ciphers"

Choose CBC ciphers and add them to the list of 'ssl_ciphers' with "!" prefix appended to current ssl_ciphers.

> ssl_ciphers HIGH:!aNULL:!MD5:!DH+3DES:!kEDH:!AAA_CBC_BBB:

Ref: https://serverfault.com/questions/692119/meaning-of-ssl-ciphers-line-on-nginx-conf

Thanks,
Murugesh P.

On 10/17/18, Kaushal Shriyan <kaushalshriyan@xxxxxxxxx> wrote:
> Hi,
>
> I have the below ssl settings in the nginx.conf file, and a VAPT test has
> reported that we should disable CBC ciphers.
>
> ssl_ciphers HIGH:!aNULL:!MD5:!DH+3DES:!kEDH;
>> ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
>
> The openssl version on the box is OpenSSL 1.0.2k-fips 26 Jan 2017 on CentOS
> Linux release 7.3.1611 (Core)
>
> I would appreciate it if someone could pitch in to help me understand how
> to disable CBC ciphers.
>
> Best Regards
>
> Kaushal
>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
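
The procedure in the reply above (list the ciphers, pick the CBC ones, append each with a "!" prefix), sketched as an added example that is not part of the original thread. The function names and the sample listing are constructed for illustration; the script assumes the column layout of `openssl ciphers -v` and treats every suite that is not AEAD, RC4 or null-encryption as CBC.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `openssl ciphers -v` output on
# stdin and prints one "!NAME" exclusion per CBC-mode suite, colon-joined.
cbc_exclusions() {
    awk '
    {
        enc = ""; mac = ""
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^Enc=/) enc = substr($i, 5)
            if ($i ~ /^Mac=/) mac = substr($i, 5)
        }
        # AEAD suites (GCM) report Mac=AEAD; RC4 is a stream cipher and
        # "None" is no encryption, so neither is CBC.
        if (enc == "" || mac == "AEAD") next
        if (enc ~ /^(RC4|None)/) next
        out = out (out == "" ? "" : ":") "!" $1
    }
    END { print out }'
}

# Append the exclusions to an existing ssl_ciphers value.
# $1 = current cipher string; stdin = `openssl ciphers -v` output.
harden_cipher_string() {
    excl=$(cbc_exclusions)
    if [ -n "$excl" ]; then printf '%s:%s\n' "$1" "$excl"; else printf '%s\n' "$1"; fi
}

# Constructed sample in the `openssl ciphers -v` layout of OpenSSL 1.0.2.
sample_output() {
cat <<'EOF'
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
CAMELLIA256-SHA         SSLv3 Kx=RSA      Au=RSA  Enc=Camellia(256) Mac=SHA1
EOF
}

BASE='HIGH:!aNULL:!MD5:!DH+3DES:!kEDH'
sample_output | harden_cipher_string "$BASE"
# On the server itself: openssl ciphers -v "$BASE" | harden_cipher_string "$BASE"
```

Feed the result back through `openssl ciphers -v` to confirm that only Mac=AEAD suites remain before reloading nginx. AEAD suites exist only in TLSv1.2, so with every CBC suite excluded the TLSv1 and TLSv1.1 entries in ssl_protocols have nothing left to negotiate.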