How to disable RC4 using Nginx

Improve security grade of your server disabling


Installed your SSL certificate and got info about RC4?

We all want to have A grades when it comes to security ;) However, some features can cap our websites at a lower grade.

RC4 is one of those magic, super-safe things (like cigarettes in the 1920s) that turned out to be possibly harmful. One story says that Edward Snowden pointed out some things cracked by the NSA, RC4 among them. Whether it is true or not, here is the solution (paste it into the server block in nginx/sites-available):

ssl_ciphers HIGH:!aNULL:!MD5:!RC4;
ssl_prefer_server_ciphers on;

Save the file and test Nginx:

nginx -t

Restart Nginx if the test was successful:

service nginx restart

Now test your SSL/TLS certificate again to see whether there are any other threats:

https://cryptoreport.geotrust.com/checker/views/certCheck.jsp
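
A local check to go with the online test, as an added example that is not part of the original post: the function rc4_status (a hypothetical name) reads an nginx config file and reports whether each ssl_ciphers directive still adds RC4. It follows OpenSSL's cipher-string rules, where !RC4 removes RC4 permanently and -RC4 can be undone by a later token, and it assumes each directive sits on a single line.

```sh
#!/bin/sh
# Added example (not from the original page): lint ssl_ciphers for RC4.
# rc4_status FILE returns:
#   0  every ssl_ciphers directive permanently excludes RC4 with !RC4
#   1  at least one directive still adds RC4
#   2  no directive found, or RC4 is never explicitly excluded
rc4_status() {
    conf=$1 found=0 any_enabled=0 any_unclear=0
    # Drop comments, keep the argument of each ssl_ciphers directive, strip quotes.
    lists=$(sed -e 's/#.*//' "$conf" |
        sed -n 's/^[[:space:]]*ssl_ciphers[[:space:]][[:space:]]*\([^;]*\);.*/\1/p' |
        tr -d "\"'")
    while IFS= read -r list; do
        [ -n "$list" ] || continue
        found=1 enabled=0 killed=0
        # OpenSSL cipher strings are separated by ':', ',' or spaces.
        for tok in $(printf '%s\n' "$list" | tr ':,' '  '); do
            case $tok in
                '!RC4') killed=1 ;;   # permanent: RC4 cannot be re-added later
                '-RC4') enabled=0 ;;  # removal that a later token may undo
                '!'*|-*|+*) ;;        # other removals/reorderings add nothing
                *RC4*) enabled=1 ;;   # the RC4 alias or a named RC4 suite
            esac
        done
        if [ "$killed" -eq 1 ]; then
            echo "OK    $list"
        elif [ "$enabled" -eq 1 ]; then
            echo "FAIL  $list"; any_enabled=1
        else
            echo "WARN  $list (no explicit !RC4)"; any_unclear=1
        fi
    done <<EOF
$lists
EOF
    [ "$any_enabled" -eq 0 ] || return 1
    [ "$found" -eq 1 ] && [ "$any_unclear" -eq 0 ] || return 2
    return 0
}

# Usage: rc4_status /etc/nginx/sites-available/example   (path is a placeholder)
```

A WARN result means the list relies on aliases such as HIGH to leave RC4 out; adding !RC4 makes the exclusion explicit.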

Hopefully, you have got your "A". Enjoy.