Crypto-agility configuration for NGINX is described below.
All the requests in Desktop Managers and Tenants on the Backbone network pass through Nginx.
- Location of the file for setting ciphers for Nginx:
- Location of ciphers in the file:
# disable SSLv3(enabled by default since nginx 0.8.19) since it's less secure then TLS http://en.wikipedia.org/wiki/Secure_Sockets_Layer#SSL_3.0 ssl_protocols TLSv1.1 TLSv1.2; # ciphers chosen for forward secrecy and compatibility # https://wiki.eng.vmware.com/VSECR/vSDL/PSP/PSPRequirements#.C2.A0.C2.A0.5B3.3.E2.80.93M.5D_TLS_Cipher-Suites ssl_ciphers "!aNULL:kECDH+AES:ECDH+AES:RSA+AES:@STRENGTH"; #Uncomment the line below and comment out above line when DH need to enabled #ssl_ciphers "!aNULL:kECDH+AES:ECDH+AES:RSA+AES:DH:@STRENGTH";
- Post modification, restart nginx service in the appliance by using the command:
sudo service nginx restart