[GH-ISSUE #1251] Provide the option to choose which SSL config Mode is used #1016

New issue

Closed

opened 2026-02-26 06:35:26 +03:00 by kerem · 1 comment

kerem commented

2026-02-26 06:35:26 +03:00

Owner

Originally created by @Nate-09 on GitHub (Jul 21, 2021).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1251

This might be more of two enhancements, however both related to one another, upon checking the current ssl-ciphers.conf file which shows that it uses the intermediate SSL configuration for nginx which contains weak ciphers, however for more secure environments or applications, it would be beneficial to provide a selector to allow what preference we prefer to use, i.e. modern or intermediate ssl configuration.

Alternatively being able to select or manually update the conf files from the UI to choose which ciphers are being provided on a per host level would resolve this individually.

For Example
If we can select which TLS v1.2 Ciphers are in use like the following image we reduce attack surface from using weak ciphers completely.

Instead of the current TLSv1.2 ciphers in the ssl-ciphers.conf which shows a number of weak ciphers.

I'm currently looking to manage the ciphers list manually to resolve this as a workaround based off of the https://github.com/jc21/nginx-proxy-manager/issues/564

Originally created by @Nate-09 on GitHub (Jul 21, 2021). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1251 This might be more of two enhancements, however both related to one another, upon checking the current ssl-ciphers.conf file which shows that it uses the intermediate SSL configuration for nginx which contains weak ciphers, however for more secure environments or applications, it would be beneficial to provide a selector to allow what preference we prefer to use, i.e. modern or intermediate ssl configuration. Alternatively being able to select or manually update the conf files from the UI to choose which ciphers are being provided on a per host level would resolve this individually. For Example If we can select which TLS v1.2 Ciphers are in use like the following image we reduce attack surface from using weak ciphers completely. ![image](https://user-images.githubusercontent.com/87747569/126437818-abe4c9fe-b538-4f4e-a7b5-e840f2201d42.png) Instead of the current TLSv1.2 ciphers in the ssl-ciphers.conf which shows a number of weak ciphers. ![image](https://user-images.githubusercontent.com/87747569/126437902-2ad93afd-7666-448e-a4a6-e7eeae3bfba0.png) I'm currently looking to manage the ciphers list manually to resolve this as a workaround based off of the https://github.com/jc21/nginx-proxy-manager/issues/564

kerem

2026-02-26 06:35:26 +03:00

closed this issue
added the
enhancement
label

kerem commented

2026-02-26 06:35:27 +03:00

Author

Owner

@Nate-09 commented on GitHub (Jul 22, 2021):

Closing as there is another enhancement for the same request https://github.com/jc21/nginx-proxy-manager/issues/951

@Nate-09 commented on GitHub (Jul 22, 2021): Closing as there is another enhancement for the same request https://github.com/jc21/nginx-proxy-manager/issues/951

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/nginx-proxy-manager-NginxProxyManager#1016

No description provided.

Rows
Columns