SSL Ciphers

Hello,

I have nginx linked with openssl 1.0.2 and configured with

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384
EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH CAMELLIA
SHA256 SHA384 !aNULL !eNULL !LOW -3DES !MD5 !EXP !PSK -SRP !DSS !RC4
!EDH";

Nginx supports these ciphers:

ECDHE-RSA-AES256-GCM-SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
ECDHE-RSA-AES256-SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
ECDHE-RSA-AES256-SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
ECDHE-RSA-AES128-GCM-SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
ECDHE-RSA-AES128-SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
ECDHE-RSA-AES128-SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

but openssl ciphers -V 'the above list' prints in addition

AES128-SHA256
AES256-SHA256
CAMELLIA128-SHA
CAMELLIA256-SHA
DH-DSS-AES128-SHA256
DH-DSS-AES256-SHA256
DH-DSS-CAMELLIA128-SHA
DH-DSS-CAMELLIA256-SHA
DH-RSA-AES128-SHA256
DH-RSA-AES256-SHA256
DH-RSA-CAMELLIA128-SHA
DH-RSA-CAMELLIA256-SHA
ECDH-ECDSA-AES128-SHA256
ECDH-ECDSA-AES256-SHA384
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES128-SHA
ECDHE-ECDSA-AES128-SHA256
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-SHA
ECDHE-ECDSA-AES256-SHA384
ECDH-RSA-AES128-SHA256
ECDH-RSA-AES256-SHA384

Can you tell me, why doesn’t nginx support all ciphers printed by
openssl ciphers using the same cipher-string?

I use nginx 1.6.2.

Thanks in advance for your answer
Dilyan

On 03/19/15 15:29, wrote:

Can you tell me, why doesn’t nginx support all ciphers printed by openssl ciphers
using the same cipher-string?

Some cipher suites depend on certificate type.

E.g. for ECDHE-ECDSA-* you need an ECC-based certificate.
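
An added example, not part of the original thread: a shell filter that takes `openssl ciphers -v` (or `-V`) output and keeps only the suites whose authentication field (Au=) matches the key type of the certificate the server is configured with. It covers only the certificate-type dependency named in the reply; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# usable_suites KEYTYPE  (hypothetical helper, KEYTYPE is RSA, ECDSA or DSS)
# Reads `openssl ciphers -v` or `-V` lines on stdin and prints the names of the
# suites the server can authenticate with a certificate of that key type.
# Au=ECDH and Au=DH (fixed ECDH/DH suites) need a certificate carrying a static
# (EC)DH key, so an ordinary RSA or ECDSA certificate never matches them.
usable_suites() {
    awk -v want="Au=$1" '{
        # -V prefixes each line with "0xNN,0xNN - "; -v starts with the name.
        name = ($2 == "-") ? $3 : $1
        for (i = 2; i <= NF; i++)
            if ($i == want) { print name; break }
    }'
}

# Constructed sample in the format OpenSSL 1.0.2 prints for `ciphers -v`;
# the last line uses the `-V` layout to show both are accepted.
sample_suites() {
    cat <<'EOF'
ECDHE-RSA-AES256-GCM-SHA384   TLSv1.2 Kx=ECDH       Au=RSA   Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH       Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDH-RSA-AES256-SHA384        TLSv1.2 Kx=ECDH/RSA   Au=ECDH  Enc=AES(256)    Mac=SHA384
ECDH-ECDSA-AES128-SHA256      TLSv1.2 Kx=ECDH/ECDSA Au=ECDH  Enc=AES(128)    Mac=SHA256
DH-DSS-AES256-SHA256          TLSv1.2 Kx=DH/DSS     Au=DH    Enc=AES(256)    Mac=SHA256
DH-RSA-CAMELLIA128-SHA        SSLv3   Kx=DH/RSA     Au=DH    Enc=Camellia(128) Mac=SHA1
          0xC0,0x27 - ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
EOF
}

# With an RSA certificate only the two ECDHE-RSA suites from the sample remain.
sample_suites | usable_suites RSA
```

Against a live build, pipe the real list instead of the sample: `openssl ciphers -v 'cipher-string' | usable_suites RSA`.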