Cheat Sheets

Security - nginx Prefer Server Ciphers

Description

An nginx production webserver should prefer the server side ciphers.

Check Script: security-nginx-prefer-server-ciphers.sh

#!/bin/bash

for dir in /etc/nginx /usr/local/nginx/conf; do if [ -d $dir ]; then if ! rgrep -q "ssl_prefer_server_ciphers[[:space:]][[:space:]]*on" $dir/*-enabled $dir/conf.d; then result_failed "ssl_prefer_server_ciphers is not set to 'on'" fi fi done
Comment on Disqus