In an nginx configuration file, you might configure a list of SSL ciphers like this:
ssl_ciphers HIGH:!aNULL:!eNULL:!LOW:!ADH:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
What's the syntax of this cipher string? That is, I know (or think I know, correct me if I'm wrong) that this string is meant to provide a list of possible SSL ciphers, as well as provide a priority for them. What the documentation is less great at is explaining the format of this string.
Specific questions
- Is the ! a negation? That is, does !DSS mean don't use DSS? Or is !DSS the name of a cipher?
- Are the : characters separators? That is, is the above a list of ciphers "HIGH, !aNULL, !eNULL, etc…", or does the : mean something else?
- Are HIGH and LOW the names of ciphers, or are they special meta-directives of some kind?
- Not pictured above, but I've seen strings like this: AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:. Are the - characters part of the cipher name, or do they have a special meaning?
Is there a resource that explains how this string works, or is this a case where the people expected to work with the string are also expected to read the nginx source to figure out how it works?
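The questions above can be checked directly against OpenSSL, whose cipher-list syntax this is (see the answer below). This is an added example, not part of the original question or answer: it uses Python's ssl module to expand cipher strings with the OpenSSL build Python is linked against; the helper names `tls12_names` and `split_tokens`, the `AESGCM` keyword and the suite `ECDHE-RSA-AES256-GCM-SHA384` are choices made for the example and do not appear on the page.

```python
import ssl

# The cipher string from the question above.
PAGE_STRING = "HIGH:!aNULL:!eNULL:!LOW:!ADH:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS"


def tls12_names(cipher_string):
    """Expand an OpenSSL cipher string and return the matching suite names.

    TLS 1.3 suites are dropped from the result: OpenSSL configures them
    separately, so this string neither adds nor removes them.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def split_tokens(cipher_string):
    """Split on ':' and classify each token by its leading operator.

    Simplified: OpenSSL also accepts ',' and ' ' as separators.
    """
    ops = {"!": "remove permanently", "-": "remove (may be re-added)",
           "+": "move to end of list"}
    return [(tok[1:], ops[tok[0]]) if tok[0] in ops else (tok, "add")
            for tok in cipher_string.split(":") if tok]


if __name__ == "__main__":
    for name, action in split_tokens(PAGE_STRING):
        print(f"{action:24} {name}")
    print()
    # A keyword such as HIGH expands to many suites ...
    print(len(tls12_names("HIGH")), "suites match HIGH on this OpenSSL build")
    # ... while a hyphenated token is the name of exactly one suite.
    print(tls12_names("ECDHE-RSA-AES256-GCM-SHA384"))
    # '!' is permanent regardless of position; a leading '-' is undone by HIGH.
    print(set(tls12_names("!AESGCM:HIGH")) == set(tls12_names("HIGH:!AESGCM")))
    print(set(tls12_names("-AESGCM:HIGH")) == set(tls12_names("HIGH")))
    # What the nginx example actually enables on this build:
    print("\n".join(tls12_names(PAGE_STRING)))
```

The exact suites printed depend on the OpenSSL version and build options, so run it on the host that serves the traffic.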
Best Answer
This syntax is from OpenSSL. See CIPHER LIST FORMAT.
Further down it lists different ciphers and these meta ciphers like HIGH.
Excerpt: