How to disable RC4 using Nginx

Improve security grade of your server

Installed your SSL certificate and got a notice about RC4?


We all want to have A grades when it comes to security ;) However, some features can cap our websites at a lower grade.

RC4 is one of those magic, super-safe things (like cigarettes in the 1920s) that turned out to be possibly harmful. One story says that Edward Snowden pointed out some things cracked by the NSA, and RC4 was among them. Whether it is true or not, here is the solution (paste it into the server block in nginx/sites-available):

# !RC4 removes every RC4 cipher suite from the list
ssl_ciphers HIGH:!aNULL:!MD5:!RC4;
ssl_prefer_server_ciphers on;

Save the file and test nginx:

nginx -t

Restart nginx if the test was successful:

service nginx restart

Now test your SSL/TLS certificate again to see if there are any other threats:

https://cryptoreport.geotrust.com/checker/views/certCheck.jsp

Hopefully you have got your "A". Enjoy.
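
To check a configuration file before restarting nginx, the following Python script (an added example, not part of the original post) scans for ssl_ciphers directives and reports whether each cipher string enables RC4, excludes it with !RC4, or does not name it at all. The function names and the sample configuration are constructed for illustration, and it assumes each directive sits on a single line.

```python
import re

def rc4_status(cipher_string):
    """Classify an OpenSSL cipher string: 'enabled', 'excluded' or 'unlisted'."""
    enabled = killed = False
    for token in re.split(r"[:, ]+", cipher_string.strip()):
        if not token:
            continue
        prefix = token[0] if token[0] in "!-+" else ""
        body = token[len(prefix):].upper()
        names_rc4 = "RC4" in re.split(r"[+-]", body)
        if prefix == "!" and body == "RC4":
            killed = True          # '!' removes permanently, wherever it appears
        elif prefix == "-" and body == "RC4":
            enabled = False        # '-' removes, but a later token may re-add
        elif prefix == "" and names_rc4:
            enabled = True         # bare keyword or suite name adds RC4 suites
    if killed:
        return "excluded"
    # 'unlisted': RC4 is not named; broad aliases then depend on the OpenSSL build
    return "enabled" if enabled else "unlisted"

def audit(config_text):
    """Return (line_number, cipher_string, status) for every ssl_ciphers directive."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        line = line.split("#", 1)[0]   # drop nginx comments
        m = re.search(r"\bssl_ciphers\s+([^;]+);", line)
        if m:
            value = m.group(1).strip().strip("'\"")
            findings.append((lineno, value, rc4_status(value)))
    return findings

# Constructed sample: one server block that offers RC4, one that excludes it
SAMPLE = """\
server {
    listen 443 ssl;
    ssl_ciphers RC4:HIGH:!aNULL:!MD5;
}
server {
    listen 443 ssl;
    # ssl_ciphers RC4;
    ssl_ciphers HIGH:!aNULL:!MD5:!RC4;
    ssl_prefer_server_ciphers on;
}
"""

if __name__ == "__main__":
    for lineno, value, status in audit(SAMPLE):
        print(f"line {lineno}: {status:9} {value}")
```

Any directive reported as "enabled" still offers RC4 to clients and needs !RC4 added before the restart.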