How to Scan and Fix Your Server's Cipher Suites
Cipher suites determine how your server encrypts TLS connections. A misconfigured cipher list can leave your server vulnerable to downgrade attacks, BEAST, POODLE, and other exploits even if you have a valid SSL certificate. This guide shows you how to audit your current cipher configuration, identify weaknesses, and lock down your server with a modern, secure setup.
Scan your server's ciphers now
Use our free Cipher Suite Scanner to see every cipher your server supports and get recommendations for which ones to disable.
Step 1: Scan Your Current Cipher Suites
Use openssl to connect to your server and see which cipher it negotiates, once for each protocol version:
openssl s_client -connect example.com:443 -tls1_2
openssl s_client -connect example.com:443 -tls1_3
For a comprehensive list of all supported ciphers, use nmap:
nmap --script ssl-enum-ciphers -p 443 example.com
This shows every protocol version and cipher suite your server accepts, along with a strength rating.
Step 2: Identify Weak and Deprecated Ciphers
Flag any cipher suite that uses RC4, DES, 3DES, MD5, or export-grade encryption. These are cryptographically broken. Also flag suites without forward secrecy (those missing ECDHE or DHE in the name). Check your SSL certificate at the same time to ensure the certificate itself uses a strong signature algorithm (SHA-256 or better).
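To make the Step 2 checks repeatable over the Step 1 scan output, here is an added Python example (not part of this guide or of any scanner product) that parses a constructed excerpt of nmap ssl-enum-ciphers output and flags each suite by the rules above; the line layout and IANA-style suite names are assumed from nmap's usual report format.

```python
import re
# Constructed excerpt of `nmap --script ssl-enum-ciphers` output (not a real scan).
SAMPLE_NMAP_OUTPUT = """\
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_EXPORT_WITH_DES40_CBC_SHA (rsa 512) - F
|_  least strength: F
"""

PROTO_RE = re.compile(r"^\|\s+(SSLv3|TLSv1\.[0-3]):\s*$")
SUITE_RE = re.compile(r"^\|\s+(TLS_[A-Z0-9_]+)")
WEAK_PRIMITIVES = {  # Step 2 primitives; "_DES" deliberately does not match "3DES"
    "RC4": re.compile(r"_RC4_"),
    "3DES": re.compile(r"_3DES_"),
    "DES": re.compile(r"_DES(40)?_"),
    "MD5": re.compile(r"_MD5$"),
    "export-grade": re.compile(r"_EXPORT_"),
}

def parse_nmap_ciphers(text):
    """Return (protocol, suite) pairs from ssl-enum-ciphers output."""
    found, proto = [], None
    for line in text.splitlines():
        if m := PROTO_RE.match(line):
            proto = m.group(1)
        elif proto and (m := SUITE_RE.match(line)):
            found.append((proto, m.group(1)))
    return found

def audit(protocol, suite):
    """List the Step 2 findings for one suite; an empty list means it passes."""
    issues = []
    if protocol in ("SSLv3", "TLSv1.0", "TLSv1.1"):
        issues.append(f"deprecated protocol {protocol}")
    issues += [f"uses {name}" for name, pat in WEAK_PRIMITIVES.items() if pat.search(suite)]
    # TLS 1.3 always uses ephemeral key exchange; a TLS 1.2 name must show ECDHE or DHE.
    if protocol != "TLSv1.3" and not re.match(r"TLS_(ECDHE|DHE)_", suite):
        issues.append("no forward secrecy")
    return issues

def audit_report(text):
    """Map 'protocol suite' to findings, keeping only suites that need attention."""
    return {f"{p} {s}": iss for p, s in parse_nmap_ciphers(text) if (iss := audit(p, s))}
```

Pipe real nmap output into audit_report and every key it returns is a suite or protocol to remove in Step 3.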
Step 3: Configure a Secure Cipher Order
For Nginx, set a modern cipher configuration in your server block:
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
For Apache, use the SSLCipherSuite directive with the same cipher string. TLS 1.3 cipher suites are negotiated separately and are secure by default, so focus your effort on the TLS 1.2 configuration.
Step 4: Test Your Mail Server Too
Do not forget your SMTP server. Mail servers negotiate TLS independently from your web server, so a hardened web configuration says nothing about mail. Test ports 25 and 587:
openssl s_client -starttls smtp -connect mail.example.com:25
openssl s_client -starttls smtp -connect mail.example.com:587
Check whether your mail server supports MTA-STS to enforce TLS for inbound email and prevent downgrade attacks on the SMTP channel.
Step 5: Verify and Monitor
After applying changes, restart your server and re-scan to confirm only strong ciphers remain. Run the Cipher Suite Scanner again to verify. Set up regular scans because new vulnerabilities are discovered periodically and cipher recommendations evolve over time.
Frequently Asked Questions
What cipher suites should I disable?
Disable all cipher suites using RC4, DES, 3DES, MD5, SHA-1 for signing, export-grade ciphers, and any suite without forward secrecy. Also disable SSLv3 and TLS 1.0/1.1 protocols entirely. Only allow TLS 1.2 and TLS 1.3 cipher suites.
What is forward secrecy and why does it matter?
Forward secrecy ensures that session keys are not compromised even if the server's private key is leaked in the future. Cipher suites with ECDHE or DHE in their name provide forward secrecy. Without it, an attacker who obtains your private key can decrypt all past recorded traffic.
Will restricting cipher suites break compatibility with older clients?
Disabling TLS 1.0 and 1.1 may break compatibility with very old clients like Internet Explorer on Windows XP or Android 4.3 and earlier. However, these clients represent a negligible share of web traffic in 2026. The security benefits of a modern cipher configuration far outweigh the compatibility cost.