TLS cipher suites

Per BSI TR-02102-2

BSI-TR-02102-2-compliant cipher list for Nginx, Apache, Caddy, HAProxy, Traefik, Envoy, lighttpd, IIS, Postfix, Dovecot, Tomcat, PostgreSQL, MySQL/MariaDB and Redis.

What is this, and when do I need it?

What is this?

TLS cipher suites are the cryptographic algorithms your web server uses to negotiate an HTTPS connection with the browser: key exchange, authentication, encryption, integrity. The lists on server and client must overlap, otherwise the connection fails.

Outdated ciphers (3DES, RC4, CBC without AEAD) are not just cryptographically broken but also trigger compliance findings (BSI TR-02102-2, PCI-DSS, IT-Grundschutz). This tool produces a conservative, BSI-compliant list - with output formats for the most common web servers.

When do I need it?

Whenever you install a new web server or reverse proxy, and as a routine check every 12-24 months. TLS standards evolve; what was acceptable in 2023 may already be deprecated in 2026.

Tip: after a change, double-check via ssllabs.com/ssltest/ - you see at a glance which ciphers actually get negotiated.

Should already be in place

nginx.conf per BSI TR-02102-2
# TLS ciphers per bsi-modern, BSI TR-02102-2 v2024-1 / Mozilla SSL Config
# Created with Dernium Webtools

ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-CCM:ECDHE-ECDSA-AES256-CCM:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-CCM:DHE-RSA-AES256-CCM:!aNULL:!MD5:!3DES';
ssl_conf_command Ciphersuites TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
ssl_ecdh_curve X25519:secp384r1:secp256r1:brainpoolP384r1;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;

Free, no warranty (best effort). Generated and inspected values are non-binding; we accept no liability for erroneous or incomplete results or configurations. Use and verification are your own responsibility; please test before production use.

Notes on profile selection:

  • BSI strict: government and critical infrastructure preset - excludes DHE suites and only accepts EC-based keys.
  • BSI modern: the recommended choice for the private sector - DHE fallback available for older clients.
  • Mozilla Intermediate: broader client compatibility, marginally weaker than BSI modern (e.g. AES128 ranked first).
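A small offline check for the `ssl_ciphers` value above and for the strict/modern profile distinction in these notes. This is an added example, not code from Dernium Webtools: it parses an OpenSSL-style cipher string and flags every suite that breaks the criteria the page describes (no forward secrecy, non-AEAD cipher, 3DES/RC4/MD5/NULL/anonymous suites; for "strict", additionally DHE or non-EC authentication). The rule set is this author's reading of the page, not an official BSI checker, and the `LEGACY` string is a constructed sample of an old default, not something from the page.

```python
"""Lint an OpenSSL-style cipher string against the BSI TR-02102-2 criteria
described on this page: forward secrecy (ECDHE/DHE only), AEAD only (GCM,
CCM, ChaCha20-Poly1305), no 3DES/RC4/MD5/NULL/anonymous suites. The "strict"
profile additionally rejects DHE and any non-ECDSA authentication key.

Added example, not the tool's own code; the rules are this author's reading
of the page's description, not an official BSI checker.
"""
import re
from typing import Dict, List, Tuple

# OpenSSL names follow [KX[-AUTH]-]CIPHER[-MAC]; static-RSA suites have no KX prefix
# (e.g. "AES128-GCM-SHA256"). Aliases such as HIGH or kEECDH are not expanded here.
SUITE_RE = re.compile(
    r"^(?:(?P<kx>ECDHE|DHE|ECDH|DH|ADH|AECDH)-(?:(?P<auth>RSA|ECDSA|DSS|PSK)-)?)?"
    r"(?P<cipher>.+?)(?:-(?P<mac>SHA384|SHA256|SHA|MD5))?$"
)
AEAD_MARKERS = ("GCM", "CCM", "POLY1305")
# (substring of the cipher field, label reported in the finding)
BROKEN_PRIMITIVES = (("RC4", "RC4"), ("DES", "DES/3DES"), ("NULL", "NULL cipher"),
                     ("IDEA", "IDEA"), ("SEED", "SEED"), ("RC2", "RC2"))


def lint_suite(name: str, profile: str = "modern") -> List[str]:
    """Return the findings for one suite name; an empty list means it passes."""
    if name.startswith("TLS_"):
        # TLS 1.3 names (TLS_AES_*, TLS_CHACHA20_*) are always AEAD with ephemeral (EC)DH.
        return []
    m = SUITE_RE.match(name)
    if not m:
        return [f"unrecognised suite name {name!r}"]
    kx, auth, cipher, mac = m.group("kx"), m.group("auth"), m.group("cipher"), m.group("mac")
    findings: List[str] = []
    if kx in (None, "ECDH", "DH"):
        findings.append("no forward secrecy (static key exchange)")
    if kx in ("ADH", "AECDH"):
        findings.append("anonymous key exchange")
    if not any(marker in cipher for marker in AEAD_MARKERS):
        findings.append("not AEAD (CBC/stream cipher with separate MAC)")
    for needle, label in BROKEN_PRIMITIVES:
        if needle in cipher:
            findings.append(f"broken primitive {label}")
            break
    if mac == "MD5":
        findings.append("MD5 MAC")
    if profile == "strict":
        # Page: strict excludes DHE and only accepts EC-based keys.
        if kx == "DHE":
            findings.append("DHE not allowed in strict profile")
        if auth != "ECDSA":
            findings.append("non-EC authentication key not allowed in strict profile")
    return findings


def lint_cipher_string(cipher_string: str, profile: str = "modern") -> Tuple[bool, Dict[str, List[str]]]:
    """Lint a colon-separated cipher string; returns (all_ok, {suite: findings}).

    Negative filters ("!3DES"), "-"/"+" modifiers and "@STRENGTH"-style directives
    are not suites and are skipped; only suites with findings appear in the report.
    """
    report: Dict[str, List[str]] = {}
    for token in cipher_string.split(":"):
        token = token.strip()
        if not token or token[0] in "!-+@":
            continue
        findings = lint_suite(token, profile)
        if findings:
            report[token] = findings
    return not report, report


# The ssl_ciphers value from the nginx.conf on this page (bsi-modern profile).
BSI_MODERN = ("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:"
              "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305:"
              "ECDHE-ECDSA-AES128-CCM:ECDHE-ECDSA-AES256-CCM:DHE-RSA-AES256-GCM-SHA384:"
              "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-CCM:DHE-RSA-AES256-CCM:!aNULL:!MD5:!3DES")
# Constructed sample of an old default list (not from the page): static RSA, CBC, 3DES, RC4, anon DH.
LEGACY = "AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:DES-CBC3-SHA:ECDHE-RSA-RC4-SHA:ADH-AES128-SHA"

if __name__ == "__main__":
    for label, value, profile in (("bsi-modern list, modern profile", BSI_MODERN, "modern"),
                                  ("bsi-modern list, strict profile", BSI_MODERN, "strict"),
                                  ("legacy list, modern profile", LEGACY, "modern")):
        ok, report = lint_cipher_string(value, profile)
        print(f"{label}: {'OK' if ok else 'FINDINGS'}")
        for suite, findings in report.items():
            print(f"  {suite}: {'; '.join(findings)}")
```

Running the block shows the page's modern list passing as-is, the same list failing the strict profile only on its seven RSA-authenticated and DHE suites (which is exactly what the "BSI strict" note says the preset removes), and every suite in the constructed legacy list flagged with the reason a scanner such as ssllabs would also report.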