TLS cipher modes: modern vs legacy · Self-hosted


Foldr’s appliance web server has two TLS profiles you can switch between from the appliance console: modern (the default) and legacy. The choice affects both the TLS protocol versions Foldr will negotiate and the cipher suites it offers to connecting clients.

Modern

ssl_protocols TLSv1.2 TLSv1.3;
ssl_ecdh_curve secp521r1:secp384r1;
ssl_ciphers EECDH+AESGCM:EECDH+AES256:!SHA1:!SHA256:!SHA384:!DSS:!aNULL;

In plain English:

  • Protocols: TLS 1.2 and TLS 1.3 only. TLS 1.0 and 1.1 are disabled.
  • Key exchange: ECDHE only (forward secrecy). The two named elliptic curves are P-521 and P-384, the strongest commonly-deployed options.
  • Bulk encryption: AES-GCM and AES-256 in any modern mode. The exclusions strip CBC-mode suites (the !SHA1:!SHA256:!SHA384 exclusions catch the AES-CBC variants), DSS-authenticated suites, and anonymous-key-exchange suites.
  • TLS 1.3 cipher suites are managed by OpenSSL itself and are unaffected by the ssl_ciphers directive: typically TLS_AES_256_GCM_SHA384, TLS_AES_128_GCM_SHA256, and TLS_CHACHA20_POLY1305_SHA256 are all enabled.

This is the right default for any modern deployment. Modern OS versions, browsers, and all the Foldr apps negotiate TLS 1.2 or 1.3 cleanly.

Legacy

ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:
            ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:
            ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:
            DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:
            DHE-RSA-CHACHA20-POLY1305:
            ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:
            ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:
            ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:
            ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:
            DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:
            AES128-GCM-SHA256:AES256-GCM-SHA384:
            AES128-SHA256:AES256-SHA256:
            AES128-SHA:AES256-SHA:
            DES-CBC3-SHA;

In plain English:

  • Protocols: TLS 1.0, 1.1, 1.2, and 1.3 all enabled.
  • Cipher list: the full set of modern AEAD suites plus AES-CBC variants in SHA1/SHA256/SHA384, RSA-key-exchange suites (no forward secrecy), and 3DES (DES-CBC3-SHA) at the end of the list as a last resort.

Legacy is for compatibility, not security. Use it only when you have devices on the network you can’t upgrade or replace (older Java clients, ancient embedded systems, certain medical or industrial equipment). Switch back to modern as soon as those clients are retired. SSL Labs will fail any deployment in legacy mode for accepting weak protocols and 3DES.
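
The following added example (not Foldr's code) expands both cipher strings with Python's ssl module to show which suites they select on the local OpenSSL build, and checks each suite for AEAD mode and forward secrecy. LEGACY_EXCERPT is a shortened subset of the legacy list above, audit() is a name chosen for this example, and the result reflects the OpenSSL on the machine running it, which may differ from the appliance's.

```python
import ssl

# Cipher string from the "modern" profile on this page.
MODERN = "EECDH+AESGCM:EECDH+AES256:!SHA1:!SHA256:!SHA384:!DSS:!aNULL"
# Shortened excerpt of the "legacy" list on this page (not the full list).
LEGACY_EXCERPT = ("ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:"
                  "AES128-SHA:DES-CBC3-SHA")


def audit(cipher_string):
    """Expand cipher_string with the local OpenSSL and classify each suite.

    Returns a dict with the TLS 1.2-and-below suite names, the TLS 1.3 suite
    names, and (name, reason) findings for suites that are not AEAD or that
    lack an ephemeral (forward-secret) key exchange.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    result = {"tls12": [], "tls13": [], "findings": []}
    for suite in ctx.get_ciphers():
        name = suite["name"]
        if suite["protocol"] == "TLSv1.3":
            # Not controlled by the cipher string; listed for comparison only.
            result["tls13"].append(name)
            continue
        result["tls12"].append(name)
        if not suite["aead"]:
            result["findings"].append((name, "non-AEAD mode"))
        if suite["kea"] not in ("kx-ecdhe", "kx-dhe"):
            result["findings"].append((name, "no forward secrecy"))
    return result


if __name__ == "__main__":
    for label, string in (("modern", MODERN), ("legacy excerpt", LEGACY_EXCERPT)):
        report = audit(string)
        print(f"== {label} ==")
        print("TLS <=1.2 suites:", ", ".join(report["tls12"]))
        print("TLS 1.3 suites:  ", ", ".join(report["tls13"]))
        for name, reason in report["findings"]:
            print(f"  finding: {name}: {reason}")
```

Suites named in a cipher string that the local OpenSSL build does not provide (3DES is often compiled out) are silently dropped from the expansion.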

Switching modes

Sign in to the appliance console as fadmin, either via the hypervisor or over SSH, and run one of:

set-ciphers modern
set-ciphers legacy

The web server (nginx) restarts automatically. Run http-test <fqdn> afterwards to confirm the new config is serving correctly.

Verifying what’s actually negotiated

The cipher config above is what Foldr writes into nginx’s SSL config when you run set-ciphers. To see what your server is actually negotiating with a real client, use any of:

  • SSL Labs Server Test for any internet-reachable Foldr URL. Returns a graded report listing every protocol version and cipher suite the server will negotiate, plus known-weakness flags.
  • testssl.sh for internal-only deployments that aren’t reachable from SSL Labs.
  • openssl s_client -connect your-foldr:443 -tls1_2 for a quick spot-check that a specific TLS version still negotiates.

Note on accuracy

The cipher strings above are taken from the appliance’s TLS-mode toggle implementation as shipped in the current Foldr release. If you’re on an older Foldr version or have customised nginx by hand, your live config may differ. The verification tools above show what the server actually does today, which always wins over what this article says.
