The last few months sysadmins, engineers and security components were on needles. Many security holes were found and patched. And in this case, patched means patched in the code, built binaries and pushed out by the sysadmins. Specially in the SSL/TLS segment, resp. openssl and its algorithms.
UPDATE (21. Oct 2017):
Needless to say, there is always improvement on security, so I updated the mentioned ciphers, protocols and configurations in this article.
But not everything can be patched if its weak by nature. There are protocols, which are now insecure and you should not be used anymore. Generally you should disable SSLv3 (and 2 for sure!). This protocol is over 10 years old and now vulnerable to different attacks (like POODLE or BEAST). Using a secure protocol like TLSv1.2 (which also can be improved), does not mean your secure. Every SSL Protocol uses algorithms and there are enough who are weak, too.
So what to do? Use secure protocols and secure algorithms and find some mix of supported devices/browsers/programs and high grade algorithms.
Disabled protocols MUST be SSLv2 and SSLv3.
Use TLSv1.0, TLSv1.1 if you need to. TLSv1.2 (+TLSv1.3) are encountered as secure.
Old algorithms werent always bad, but technology improves and older ciphers like RC4 don’t fullfill the requirements to be secure anymore.
aNULL, MD5 , DES, ADH, RC4, PSD, SRP, 3DES, eNULL
This configuration generates a A+ grade by the ssl testsuite from Qualsys (HTTPS) but provides a big bandwidth of supported devices. Yes, some of the oldest aren’t supported with these ciphers, but a nessecary sacrifice to provide better security.
This affects the unsupported Windows XP, old Android 2.3.7 and the even older Java 1.6.
If you want to support this old devices you can allow this cipher suite, which is of course less secure: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
Below is my configuration of Nginx and Postfix.
This disables the insecure protocols SSLv3 and SSLv3, multiple insecure algorythms like EXPORT or RC4
Provides a high grade security with perfect forward secrecy and HSTS (Certfificate pinning)
ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; ssl_session_tickets off; # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits ssl_dhparam /etc/ssl/certs/dh2048.pem; # modern configuration. tweak to your needs. ssl_protocols TLSv1.2 TLSv1.1 TLSv1; ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; ssl_prefer_server_ciphers on; # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months) add_header Strict-Transport-Security max-age=15768000;