Skip to main content

Remediation Steps

Follow the steps below to remediate this finding on Nginx webserver.

  1. In your nginx.conf, configure ssl_ciphers to exclude anonymous and NULL suites:

    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;

  2. Reload Nginx:

    sudo systemctl reload nginx
Back to top