NginxProxyManager ignoring ssl-ciphers.conf with custom SSL certificate's #1982

Closed
Kopernikus1979 opened this issue Apr 7, 2022 · 3 comments

Kopernikus1979 commented Apr 7, 2022

Checklist

  • Have you pulled and found the error with jc21/nginx-proxy-manager:latest docker image?
    • Yes
  • Are you sure you're not using someone else's docker image?
    • Yes
  • Have you searched for similar issues (both open and closed)?
    • Yes

Describe the bug
When I use a custom SSL certificate (in my case a Comodo/Sectigo Positive wildcard) and do an SSL crypto check (cryptcheck.fr or SSL Labs), for some reason all ciphers (including old insecure ones) are enabled, ignoring the ones defined in "ssl-ciphers.conf".

So to test, I used the same host but this time created a Let's Encrypt certificate instead of using my custom one, redid the crypto checks, and now only the secure ciphers are shown (as defined in ssl-ciphers.conf).

Also tested this with another custom certificate, same result...

@jc21 Can you have a look at this plz?

Btw expect a donation for your great work.

Thx

Kopernikus1979 commented Apr 8, 2022

@jc21

Did some more research and found out why this is happening:

If you create a proxy, there is a config file created inside /data/nginx/proxy_host (x.conf).

To test, I created the same proxy, first with the custom SSL and a second time with Let's Encrypt.

When I compared the two configs, I noticed that in the config file for the Let's Encrypt host the config line "include conf.d/include/ssl-ciphers.conf;" is added; if you look at the same proxy host with the custom certificate, that config line is not added.

Then, to test, I added the line manually to the proxy host with custom SSL, and then the correct ciphers are used.

So as a workaround I just add "include conf.d/include/ssl-ciphers.conf;" in the advanced tab section of the proxy hosts.

Btw: I posted this bug also on the GitHub of jlesage since the same problem exists here also
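
Added example, not part of the original comment or the project's code: a Python audit that flags generated proxy host configs which declare `ssl_certificate` but never pull in the cipher include quoted above. The function names, the certificate paths in the constructed samples, and the assumption of one TLS server block per file are illustrative.

```python
import re
import sys
import tempfile
from pathlib import Path

# Include target quoted in the issue; generated files live in /data/nginx/proxy_host.
CIPHER_INCLUDE = "conf.d/include/ssl-ciphers.conf"

def directives(text):
    """Yield (name, args) per directive; '#' comments are dropped first
    (assumes no '#' inside quoted values, fine for generated configs)."""
    text = re.sub(r"#[^\n]*", "", text)
    for stmt in re.split(r"[;{}]", text):
        parts = stmt.split()
        if parts:
            yield parts[0], parts[1:]

def audit_host(path):
    """Return 'no-tls', 'ok' or 'missing' for one proxy host config file."""
    has_cert = has_policy = False
    for name, args in directives(Path(path).read_text()):
        if name == "ssl_certificate":
            has_cert = True
        elif name == "include" and args and args[0].endswith(CIPHER_INCLUDE):
            has_policy = True
        elif name == "ssl_ciphers":  # cipher list set inline also counts
            has_policy = True
    if not has_cert:
        return "no-tls"
    return "ok" if has_policy else "missing"

def audit_dir(conf_dir):
    """Map file name -> status for every *.conf in conf_dir."""
    return {p.name: audit_host(p) for p in sorted(Path(conf_dir).glob("*.conf"))}

def demo():
    """Audit three constructed configs that mirror the two cases in the report."""
    samples = {  # constructed sample input, not real NPM output
        "1.conf": "server {\n listen 443 ssl;\n ssl_certificate /constructed/le/fullchain.pem;\n"
                  " include conf.d/include/ssl-ciphers.conf;\n}\n",
        "2.conf": "server {\n listen 443 ssl;\n ssl_certificate /constructed/custom/fullchain.pem;\n"
                  " # include conf.d/include/ssl-ciphers.conf;\n}\n",
        "3.conf": "server {\n listen 80;\n}\n",
    }
    with tempfile.TemporaryDirectory() as d:
        for name, body in samples.items():
            Path(d, name).write_text(body)
        return audit_dir(d)

if __name__ == "__main__":
    result = audit_dir(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for name, status in result.items():
        print(f"{status:8} {name}")
```

Pass the proxy host directory as the first argument to audit a real instance; any file reported as `missing` is a candidate for the advanced-tab workaround described above.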

Issue is now considered stale. If you want to keep it open, please comment 👍

@github-actions github-actions bot added the stale label Feb 19, 2024

github-actions bot commented Apr 4, 2025

Issue was closed due to inactivity.

@github-actions github-actions bot closed this as not planned (won't fix, can't repro, duplicate, stale) Apr 4, 2025