Hi,

Looking to get some help from the group .

We are running nginx/0.7.62 and notice that https with red-cross (either
the connection is not encrypted or the page has some non https content and
in my case it is no encrypted connection ) this is how thw config looks


server {
listen 443;
server_name login.jobsgulf.com;
access_log on;
ssl on;
ssl_certificate login.jobsgulf.com.crt;
ssl_certificate_key login.jobsgulf.com.key;
ssl_protocols SSLv3 TLSv1 ;
# ssl_ciphers HIGH:!aNULL:!MD5;
ssl_ciphers
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
keepalive_timeout 60;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;

I want to know if we really have to explicitly specify ssl_protocols and
ssl_ciphers in the config in order to be fully https for the said directive
??

Also does it make sense to enable ssl/tls support on apache also ? in my
case i have nginx in front of the apache .




--
*Tariq Wali.*
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx