Change the Web Console NGINX Configuration to Modify Available Ciphers
The LogRhythm Web UI uses NGINX at its core to host the Web Console. NGINX uses the OpenSSL library for SSL and TLS, which also determines the ciphers available for connections. LogRhythm will continue to update the default cipher list to meet industry standards and balance customer needs for confidentiality, integrity, and availability.
If your environment requires ciphers or cipher suites that differ from the default settings, use the following instructions to modify the cipher list.
In most cases, scanning software will provide the minimum suggested cipher list in the scan itself.
Modify NGINX SSL/TLS Cipher Suites
The NGINX service reads its allowed cipher suite list from the Consul keyspace. This configuration is monitored automatically, and any change to it triggers a restart of the LogRhythm Web UI service.
To edit the allowed NGINX SSL/TLS Cipher Suites:
- Launch the LogRhythm Configuration Manager.
- Click the Web Services menu on the left.
- Select Show Advanced View at the bottom.
- Scroll to the bottom of the Web Console UI - Hostname section.
- The default value of "FIPS@STRENGTH:!aNULL:!eNULL:!DES:!3DES" can be modified as necessary.
- Click Save to apply changes and automatically restart the service.
The default setting enforces FIPS-compatible ciphers while disabling null encryption (eNULL), null authentication (aNULL), DES, and 3DES. To disable a specific cipher suite, append :!CIPHER to the value, where CIPHER is the name of the suite.
Troubleshoot SSL Cipher Format
If you are experiencing issues with the format of the ciphers, refer to the OpenSSL Cipher List Format for more information on how this line is formatted to include or exclude specific ciphers or cipher suites.
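A pre-check for an edited cipher string before it is saved in the Configuration Manager, written as an added example and not LogRhythm or OpenSSL code. The function names, the sample suite name, and the colon-only separator rule (stricter than OpenSSL itself) are assumptions of this example.

```python
import re

# Default value quoted on this page, and the exclusions it carries.
DEFAULT = "FIPS@STRENGTH:!aNULL:!eNULL:!DES:!3DES"
REQUIRED = ("!aNULL", "!eNULL", "!DES", "!3DES")

# One item: optional !, - or + operator, then names joined by '+',
# or an @ directive. Stricter than OpenSSL: ':' is the only separator accepted.
NAME = r"[A-Za-z0-9][A-Za-z0-9_.-]*"
ITEM = re.compile(rf"[!+-]?{NAME}(?:\+{NAME})*|@STRENGTH|@SECLEVEL=[0-5]")


def split_items(cipher_list):
    """Split on ':'; the default writes FIPS@STRENGTH with no colon, so an
    '@' directive attached to a name becomes its own item."""
    return [i for i in cipher_list.replace("@", ":@").split(":") if i]


def lint(cipher_list):
    """Return a list of problems; an empty list means nothing was flagged."""
    problems, excluded = [], set()
    items = split_items(cipher_list)
    for item in items:
        if not ITEM.fullmatch(item):
            problems.append(f"malformed item: {item!r}")
        elif item.startswith("!"):
            excluded.add(item[1:])
        elif item.lstrip("+-") in excluded:
            # OpenSSL never re-adds a cipher that was removed with '!'.
            problems.append(f"{item!r} has no effect after '!{item.lstrip('+-')}'")
    problems += [f"default exclusion dropped: {r}" for r in REQUIRED if r not in items]
    return problems


def exclude(cipher_list, name):
    """Append ':!NAME' as the page describes, unless already present."""
    token = "!" + name
    return cipher_list if token in split_items(cipher_list) else f"{cipher_list}:{token}"


if __name__ == "__main__":
    # Constructed sample: one suite name a scanner might ask to disable.
    edited = exclude(DEFAULT, "ECDHE-RSA-AES128-SHA")
    print(edited, lint(edited))
    print(lint("FIPS@STRENGTH:!aNULL:!eNULL:!DES:3DES"))
```

An empty result from lint only means the string is well-formed and keeps the default exclusions; it does not confirm that the OpenSSL build in use recognizes every name.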