
EDR: Nginx Fails to Start with nginx: [emerg] "ssl_ciphers" directive is duplicate in /etc/cb/nginx/conf.d/includes/cb.server.base_body:7



  • EDR Server: 7.x and above


Nginx fails to start after upgrading from a 6.x series server to a 7.x series server.
  • /var/log/cb/nginx/startup.log shows:
nginx: [emerg] "ssl_ciphers" directive is duplicate in /etc/cb/nginx/conf.d/includes/cb.server.base_body:7


A new configuration property, UseIncreasedSecurityCiphers, was added to cb.conf. The duplicate directive is caused by a previously customized cipher list.


  1. Edit /etc/cb/nginx/conf.d/includes/cb.server.base_body
    1. Find the ssl_ciphers line and copy its current value if you would like to continue using these ciphers
    2. Delete the ssl_ciphers line and save the file
  2. Edit /etc/cb/nginx/conf.d/templates/cipher_lists.conf.template
    1. Replace the following line with the previously copied ssl_ciphers line, or keep the one already set (the right choice is specific to your environment)
      • The default increased cipher set is:
        ssl_ciphers FIPS@STRENGTH:!aNULL:!eNULL:!ECDHE-RSA-AES256-SHA384:!AES256-GCM-SHA384:!AES256-SHA256;
    2. Save the file if changes were made
  3. Start cb-nginx
    CentOS/RHEL 6: service cb-nginx start
    CentOS/RHEL 7/8: systemctl start cb-nginx
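
Steps 1.1 and 1.2 can be scripted so the customized directive is saved and a backup exists before the line is deleted. This is an added example, not part of the original article or the product's tooling; the function names are hypothetical and the sample file contents are constructed.

```shell
# Added example; function names are hypothetical. The real target is
# /etc/cb/nginx/conf.d/includes/cb.server.base_body (path from the article).
PATTERN='^[[:space:]]*ssl_ciphers[[:space:]]'

# Print each active (uncommented) ssl_ciphers directive in file $1.
find_ssl_ciphers() {
    grep -E "$PATTERN" "$1"
}

# Step 1 of the procedure: save the customized directive, keep a backup
# copy as $1.bak, delete the directive, and print what was removed.
remove_ssl_ciphers() {
    file=$1
    saved=$(find_ssl_ciphers "$file") || {
        echo "no active ssl_ciphers line in $file" >&2
        return 1
    }
    cp -p "$file" "$file.bak" || return 1
    # Write back into the existing file so its owner and mode are unchanged.
    sed -E "/$PATTERN/d" "$file.bak" > "$file" || return 1
    printf '%s\n' "$saved"
}

# Demo on a constructed file (not a real EDR configuration).
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/cb.server.base_body" <<'EOF'
# constructed sample contents
ssl_protocols TLSv1.2;
# ssl_ciphers OLD:LIST;
    ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
EOF
    remove_ssl_ciphers "$dir/cb.server.base_body"
    rm -rf "$dir"
}

demo
```

The printed directive is the value to paste into cipher_lists.conf.template in step 2 if you want to keep the custom list; commented-out ssl_ciphers lines are left untouched.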
