Suggested improvement to SSL ciphers

Using the default list of ciphers EE implemented in the /etc/nginx/nginx.conf file, I was unable to utilise HTTP/2 (which is also on by default in EE), as Chrome would spit out the ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY error.

Running an SSL test, I was only getting a B rating, with issues caused by blacklisted ciphers being used.

I updated the cipher list to what I normally use (on servers I set up myself, as opposed to using EE), and the rating is now the expected A+, and the HTTP/2 related SPDY error was resolved. I would suggest using the following for the default list of ciphers in EE, or at the very least ensuring it has no blacklisted ciphers in it:


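An added example, not part of the original post and not EE's or the poster's cipher list: a Python check of an nginx `ssl_ciphers` value against the HTTP/2 rule in RFC 7540 (section 9.2.2 and Appendix A), which blacklists TLS 1.2 suites that lack ephemeral key exchange or an AEAD cipher. The sample config is constructed, the function names are hypothetical, and the name-based classification is an assumption that covers explicit OpenSSL suite names only.

```python
import re

# Constructed sample, not EE's shipped configuration.
SAMPLE_CONF = """
http {
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:AES128-GCM-SHA256:DHE-RSA-AES256-SHA:ECDHE-RSA-CHACHA20-POLY1305:!aNULL:!MD5;
}
"""

EPHEMERAL = ("ECDHE-", "DHE-")       # forward-secret key exchange
AEAD = ("GCM", "CHACHA20", "CCM")    # AEAD bulk ciphers


def extract_cipher_lists(conf_text):
    """Return the value of every ssl_ciphers directive in an nginx config."""
    pattern = re.compile(r"^\s*ssl_ciphers\s+([^;]+);", re.MULTILINE)
    return [m.group(1).strip().strip("'\"") for m in pattern.finditer(conf_text)]


def http2_acceptable(suite):
    """Assumed heuristic for RFC 7540 Appendix A: ephemeral key exchange and AEAD."""
    return suite.startswith(EPHEMERAL) and any(tag in suite for tag in AEAD)


def audit(cipher_string):
    """Classify each entry and flag blacklisted suites the server prefers."""
    report = {"acceptable": [], "blacklisted": [],
              "unclassified": [], "preferred_blacklisted": []}
    for token in filter(None, cipher_string.split(":")):
        # Selectors (HIGH, EECDH+AESGCM) and exclusions (!aNULL) need OpenSSL to expand.
        if token[0] in "!-+" or "+" in token or "-" not in token:
            report["unclassified"].append(token)
        elif http2_acceptable(token):
            report["acceptable"].append(token)
        else:
            report["blacklisted"].append(token)
            # Listed ahead of every acceptable suite: server preference can pick it.
            if not report["acceptable"]:
                report["preferred_blacklisted"].append(token)
    return report


if __name__ == "__main__":
    for value in extract_cipher_lists(SAMPLE_CONF):
        for key, suites in audit(value).items():
            print(f"{key}: {', '.join(suites) or '-'}")
```

Entries reported as `unclassified` are OpenSSL selectors or exclusions; expand them with `openssl ciphers -v '<string>'` on the server and audit the resulting suite names.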

Thank you very much for this post. This just solved 2 hours wasted trying to understand ■■■ is going on.


I have already opened a pull request to fix this issue and to remove the old nginx cipher suites; it should be merged soon: