Nginx SSL Config for Forward Secrecy
Everyone is talking about the NSA whistleblower and the "tapping" of the internet, and among the Ops folk that has led to a resurgence of folks testing their HTTPd configs - which is a good thing!
Two things are important for any HTTPd configuration: mitigation of BEAST and Forward Secrecy. Perfect Forward Secrecy is hard since IE9 does not support any of the DHE or ECDHE cipher suites (for details on what all that means, see the SSL Labs article on deploying forward secrecy). My config below scores very well with the SSL Labs test suite.
My Nginx SSL configuration:
server_tokens off;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_timeout 5m;
ssl_session_cache builtin:1000 shared:SSL:10m;
# ssl_ciphers RC4:HIGH:!aNULL:!MD5;
# ssl_ciphers !aNULL:!LOW:!MD5:!EXP:RC4:AES256:3DES:AES128:SEED:CAMELLIA;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:RC4-SHA;
All of the "fun" is with the ssl_ciphers item. The two commented-out versions are, first, the bare minimum for BEAST mitigation and, second, the bare minimum for BEAST mitigation plus decent Forward Secrecy support. I prefer the last one over the second because the second allows more 128-bit ciphers and also doesn't force IE10 to use Forward Secrecy. The final list is very explicit in what it allows and pushes IE9 to the bottom of the list.
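Because the server's order decides which suite a client gets, the list can be audited for suites without forward secrecy and for any that are ranked above a forward-secret one. The following Python is an added example, not part of the original post: the function names are hypothetical, the config text is a constructed sample built from the directives above, and it assumes explicit OpenSSL suite names from the RSA/DH/ECDH families with ssl_prefer_server_ciphers on.

```python
import re

# Constructed sample: directives copied from the post's config.
NGINX_CONF = """
ssl_prefer_server_ciphers on;
# ssl_ciphers RC4:HIGH:!aNULL:!MD5;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:RC4-SHA;
"""

FS_PREFIXES = ("ECDHE-", "DHE-", "EDH-")   # ephemeral (EC)DH: forward secrecy
STATIC_DH_PREFIXES = ("ECDH-", "DH-")      # fixed (EC)DH keys: no forward secrecy


def active_cipher_list(conf):
    """Return the suites of the last uncommented ssl_ciphers directive, in order."""
    found = re.findall(r"^[ \t]*ssl_ciphers[ \t]+([^;]+);", conf, re.MULTILINE)
    return found[-1].strip().strip("'\"").split(":") if found else []


def key_exchange(suite):
    """Classify an explicit OpenSSL suite name by its key-exchange prefix."""
    if suite.startswith(("!", "-", "+")) or "-" not in suite:
        return "keyword"      # HIGH, !aNULL, ...: cannot be judged by name alone
    if suite.startswith(FS_PREFIXES):
        return "ephemeral"
    if suite.startswith(STATIC_DH_PREFIXES):
        return "static-dh"
    return "rsa"              # assumption: an unprefixed name is RSA key transport


def audit(conf):
    """Report suites without forward secrecy and those ranked above an FS suite."""
    kinds = [(s, key_exchange(s)) for s in active_cipher_list(conf)]
    last_fs = max((i for i, (_, k) in enumerate(kinds) if k == "ephemeral"), default=-1)
    weak = [(i, s) for i, (s, k) in enumerate(kinds) if k in ("static-dh", "rsa")]
    return {
        "non_fs": [s for _, s in weak],
        "shadowing": [s for i, s in weak if i < last_fs],
    }


if __name__ == "__main__":
    for name, suites in audit(NGINX_CONF).items():
        print(name, suites)
```

For the list above, the audit reports the two static ECDH-*-RC4-SHA suites as ranked above ECDHE-RSA-AES256-SHA and DHE-RSA-AES256-SHA, so a client that offers both kinds is given the one without forward secrecy.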
Hope this helps.
Edit: Adjusted the config sample to fix a cut-n-paste error and to tweak the cipher string to make it even more secure. Both changes came via a comment from Kiran Jonnalagadda - thanks!
Edit: Wow - great writeup by Kiran in his blog post on HTTPS Everywhere!
Edit: Tweaked the cipher list to fix an issue with Firefox 21 that Devin posted in the comments - thanks!