
I have nginx configured to use ssl_ciphers PROFILE=SYSTEM;.

And I have Alma Linux configured to use the DEFAULT crypto policy:

~$ update-crypto-policies --show
DEFAULT

From the RHEL 9 documentation:

DEFAULT

The default system-wide cryptographic policy level offers secure settings for current threat models. It allows the TLS 1.2 and 1.3 protocols, as well as the IKEv2 and SSH2 protocols. The RSA keys and Diffie-Hellman parameters are accepted if they are at least 2048 bits long.

So far so good. This is exactly what I want - using the system-wide crypto policy also for nginx.

The problem is the order of ciphers provided by this configuration. The "older" ciphers are first in the list and the more modern (with forward secrecy) are after them. That means if the client supports (and almost all of them do) some of the older cipher suites from the beginning of the list, nginx with ssl_prefer_server_ciphers on; selects that cipher instead of one of the stronger ones that are further down the list.

One solution that comes to my mind is switching ssl_prefer_server_ciphers off; in the nginx config. Then the ordering from the client would be used instead of the ordering from the server. Is it a good idea?

miken32
McLayn

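An added check for the ordering problem the question describes (example code, not from the question, nginx or OpenSSL): it parses output in the layout of `openssl ciphers -v`, lists the non-PFS suites that sit ahead of PFS suites (the ones that win while ssl_prefer_server_ciphers is on), and builds an ssl_ciphers string with the PFS suites moved to the front. The sample list is constructed for illustration and is not the real PROFILE=SYSTEM output; feed in `openssl ciphers -v 'PROFILE=SYSTEM'` on the Alma host to check the actual policy.

```python
import re

# Constructed sample in the layout of `openssl ciphers -v`; it is NOT the real
# PROFILE=SYSTEM list. Replace it with the output of
#   openssl ciphers -v 'PROFILE=SYSTEM'
SAMPLE = """\
TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
"""

LINE = re.compile(r"^(\S+)\s+(\S+)\s+Kx=(\S+)")


def parse_ciphers(text):
    """Return [(name, protocol, kx), ...] in list order, i.e. server preference."""
    return [m.groups() for m in map(LINE.match, text.splitlines()) if m]


def has_forward_secrecy(kx):
    # Ephemeral (EC)DH gives forward secrecy; TLS 1.3 (Kx=any) is always ephemeral.
    return kx in ("ECDH", "DH", "any")


def non_pfs_ahead_of_pfs(ciphers):
    """Non-PFS suites listed before at least one PFS suite. With
    ssl_prefer_server_ciphers on, such a suite is chosen for any client
    that offers it, even if the client also offers an ECDHE suite."""
    pfs_idx = [i for i, c in enumerate(ciphers) if has_forward_secrecy(c[2])]
    last_pfs = pfs_idx[-1] if pfs_idx else -1
    return [name for i, (name, _, kx) in enumerate(ciphers)
            if i < last_pfs and not has_forward_secrecy(kx)]


def pfs_first(ciphers):
    """ssl_ciphers string with PFS suites moved to the front (relative order kept).
    TLS 1.3 suites are left out: OpenSSL does not read them from this string."""
    tls12 = [c for c in ciphers if c[1] != "TLSv1.3"]
    ordered = sorted(tls12, key=lambda c: not has_forward_secrecy(c[2]))  # stable
    return ":".join(c[0] for c in ordered)


if __name__ == "__main__":
    cs = parse_ciphers(SAMPLE)
    print("non-PFS suites ahead of PFS suites:", non_pfs_ahead_of_pfs(cs))
    print("ssl_ciphers " + pfs_first(cs) + ";")
```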