0
0
Nginxdevops~20 mins

SSL protocol and cipher configuration in Nginx - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
🎖️
SSL Mastery Badge
Get all challenges correct to earn this badge!
Test your skills under time pressure!
💻 Command Output
intermediate
1:30remaining
Check enabled SSL protocols in Nginx
You run the command nginx -T | grep ssl_protocols on your server. What output do you expect if only TLSv1.2 and TLSv1.3 are enabled?
Nginx
nginx -T | grep ssl_protocols
Assl_protocols TLSv1.1 TLSv1.2;
Bssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
Cssl_protocols SSLv3 TLSv1.2 TLSv1.3;
Dssl_protocols TLSv1.2 TLSv1.3;
Attempts:
2 left
💡 Hint
Only modern TLS versions TLSv1.2 and TLSv1.3 should be enabled for security.
Configuration
intermediate
1:30remaining
Configure strong cipher suites in Nginx
Which ssl_ciphers configuration line enables only strong ciphers recommended for modern browsers?
Assl_ciphers NULL:!aNULL:!eNULL;
Bssl_ciphers ALL;
Cssl_ciphers HIGH:!aNULL:!MD5;
Dssl_ciphers LOW:MEDIUM:HIGH;
Attempts:
2 left
💡 Hint
Strong ciphers exclude anonymous and weak algorithms.
Troubleshoot
advanced
2:00remaining
Troubleshoot SSL handshake failure due to protocol mismatch
A client reports SSL handshake failure connecting to your Nginx server. Your config has ssl_protocols TLSv1.3; only. The client supports TLSv1.2 but not TLSv1.3. What is the cause?
ACipher suites are mismatched causing handshake failure.
BClient and server have no common SSL protocol version enabled.
CNginx is missing the SSL certificate configuration.
DThe server is using deprecated SSLv3 protocol.
Attempts:
2 left
💡 Hint
Handshake requires at least one common protocol version.
Best Practice
advanced
2:00remaining
Select the best SSL configuration for security and compatibility
Which Nginx SSL configuration balances strong security and broad client compatibility?
Assl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on;
Bssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; ssl_ciphers ALL; ssl_prefer_server_ciphers off;
Cssl_protocols TLSv1.3; ssl_ciphers LOW:MEDIUM; ssl_prefer_server_ciphers on;
Dssl_protocols SSLv3 TLSv1.2; ssl_ciphers NULL; ssl_prefer_server_ciphers off;
Attempts:
2 left
💡 Hint
Avoid old protocols and weak ciphers but keep TLSv1.2 for compatibility.
🧠 Conceptual
expert
2:30remaining
Impact of disabling TLSv1.2 in Nginx SSL config
What is the most likely impact if you remove TLSv1.2 from ssl_protocols and keep only TLSv1.3 in Nginx?
AClients that do not support TLSv1.3 will fail to connect, reducing compatibility.
BAll clients will connect faster because TLSv1.3 is more efficient.
CThe server will accept insecure SSLv3 connections as fallback.
DCipher suites will automatically downgrade to weaker options.
Attempts:
2 left
💡 Hint
Consider client support for TLS versions.