SSL Security: The Right Cipher Suites
After many questions about choosing the right cipher suites when configuring a web server, here is the cipher list I am putting forward:

"ECDHE-RSA-AES256-SHA384", "DHE-RSA-AES256-SHA384", "ECDHE-RSA-AES256-SHA256", "DHE-RSA-AES256-SHA256", "ECDHE-RSA-AES128-SHA256", "DHE-RSA-AES128-SHA256", "HIGH", "!aNULL", "!eNULL", "!EXPORT", "!DES", "!RC4", "!MD5", "!PSK", "!SRP", "!CAMELLIA"
Is this the right cipher list? Yes and no.

The suites themselves are fine, but the list has little effect unless you also set honorCipherOrder: true. Without it, the server lets the client choose among the suites both sides support, so a client that prefers a weaker suite gets that suite and the order you wrote down is ignored. Remember the BEAST attack recommendations: they only work if the server enforces its own preference. Two more points worth checking in the list above: a "!" exclusion applies wherever it appears in the string, so "!RC4" placed after "HIGH" still removes the RC4 suites that "HIGH" pulled in; and every suite named explicitly is a CBC suite with a SHA-2 HMAC, while the AES-GCM suites enter only through "HIGH" and therefore rank below the CBC ones once the order is enforced.
Basic config disabling RC4 (just put "!" in front of the cipher name; the exclusion is permanent, wherever it sits in the string):

    // default node 0.12 ciphers with the RC4 cipher disabled
    var options = {
      ciphers: [
        "ECDHE-RSA-AES128-SHA256",
        "DHE-RSA-AES128-SHA256",
        "AES128-GCM-SHA256",
        "!RC4",        // RC4 be gone
        "HIGH",
        "!MD5",
        "!aNULL"
      ].join(':'),
      honorCipherOrder: true   // the server's order wins, not the client's
    };
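To make the two points above concrete (how "!" exclusions and "HIGH" expand, and what honorCipherOrder changes), here is an added example; it is not code from the original post. It models OpenSSL cipher-string handling in JavaScript with a constructed catalogue of real suite names and simplified attributes, and its negotiate() function only simulates suite selection, it performs no TLS handshake. The function names (expandCipherString, violations, negotiate), the catalogue, and the assumption that "HIGH" expands in catalogue order are all mine; real OpenSSL orders the suites "HIGH" adds by its own internal sort.

```javascript
'use strict';
// Added example, not code from the original post. A small model of how
// OpenSSL reads a cipher string and of what honorCipherOrder changes.
// negotiate() is a simulation of suite selection, not a real TLS handshake.

// Constructed catalogue: real OpenSSL suite names, simplified attributes.
// Assumption: "HIGH" expands in catalogue order (real OpenSSL sorts differently).
const CATALOG = {
  'ECDHE-RSA-AES128-GCM-SHA256': { level: 'HIGH',   flags: ['AESGCM'] },
  'ECDHE-RSA-AES128-SHA256':     { level: 'HIGH',   flags: ['AES128', 'SHA256'] },
  'DHE-RSA-AES128-SHA256':       { level: 'HIGH',   flags: ['AES128', 'SHA256'] },
  'AES128-GCM-SHA256':           { level: 'HIGH',   flags: ['AESGCM'] },
  'AES128-SHA':                  { level: 'HIGH',   flags: ['AES128', 'SHA1'] },
  'AECDH-AES128-SHA':            { level: 'HIGH',   flags: ['AES128', 'SHA1', 'aNULL'] },
  'ECDHE-RSA-RC4-SHA':           { level: 'MEDIUM', flags: ['RC4', 'SHA1'] },
  'RC4-MD5':                     { level: 'MEDIUM', flags: ['RC4', 'MD5'] },
  'EXP-RC4-MD5':                 { level: 'EXPORT', flags: ['RC4', 'MD5', 'EXPORT'] },
  'NULL-SHA':                    { level: 'NONE',   flags: ['eNULL', 'SHA1'] },
};

// Suites a keyword selects: an exact suite name, a strength level, or an attribute.
function matching(keyword, catalog) {
  return Object.keys(catalog).filter((name) =>
    name === keyword ||
    catalog[name].level === keyword ||
    catalog[name].flags.includes(keyword));
}

// Expand a cipher string into the ordered list of suites the server will offer.
// Positive tokens append in order; "!X" removes X permanently, wherever it appears.
function expandCipherString(cipherString, catalog = CATALOG) {
  const allowed = [];
  const banned = new Set();
  for (const token of cipherString.split(':')) {
    if (token.startsWith('!')) {
      matching(token.slice(1), catalog).forEach((name) => banned.add(name));
    } else {
      for (const name of matching(token, catalog)) {
        if (!allowed.includes(name)) allowed.push(name);
      }
    }
  }
  return allowed.filter((name) => !banned.has(name));
}

// Suites in the expansion that still carry an attribute you meant to exclude.
function violations(cipherString, forbiddenFlags, catalog = CATALOG) {
  return expandCipherString(cipherString, catalog).filter((name) =>
    catalog[name].flags.some((f) => forbiddenFlags.includes(f)));
}

// Simulated selection. With honorCipherOrder the server walks its own list and
// takes the first suite the client also offers; without it the client's order
// decides. Returns null when there is no common suite (the handshake would fail).
function negotiate(serverCipherString, clientSuites, honorCipherOrder) {
  const serverSuites = expandCipherString(serverCipherString);
  const [preferred, other] = honorCipherOrder
    ? [serverSuites, clientSuites]
    : [clientSuites, serverSuites];
  return preferred.find((name) => other.includes(name)) || null;
}

// The post's node 0.12 list with RC4 excluded.
const PAGE_CIPHERS = [
  'ECDHE-RSA-AES128-SHA256', 'DHE-RSA-AES128-SHA256', 'AES128-GCM-SHA256',
  '!RC4', 'HIGH', '!MD5', '!aNULL',
].join(':');

// Constructed client preference list: an old stack that puts RC4 first.
const LEGACY_CLIENT = ['RC4-MD5', 'ECDHE-RSA-RC4-SHA', 'AES128-SHA', 'ECDHE-RSA-AES128-SHA256'];

console.log('server offers:', expandCipherString(PAGE_CIPHERS));
console.log('"HIGH" alone lets in:', violations('HIGH', ['aNULL', 'RC4', 'MD5']));
console.log('honorCipherOrder true  ->', negotiate(PAGE_CIPHERS, LEGACY_CLIENT, true));
console.log('honorCipherOrder false ->', negotiate(PAGE_CIPHERS, LEGACY_CLIENT, false));
console.log('RC4-only client        ->', negotiate(PAGE_CIPHERS, ['RC4-MD5'], true));
```

Run with node. Against the RC4-first client, RC4 is refused either way because "!RC4" removed it from the server's list; but with honorCipherOrder false the client steers the connection to AES128-SHA (CBC with SHA-1), and only with honorCipherOrder true does the server's first choice, ECDHE-RSA-AES128-SHA256, get picked. The violations() check also shows why "!aNULL" is needed even with "HIGH": the anonymous AECDH suite is in the HIGH set.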