details: http://hg.nginx.org/nginx/rev/50f531a55b73
branches:
changeset: 5319:50f531a55b73
user: Sergey Budnevitch <sb@waeme.net>
date: Wed Aug 07 20:01:43 2013 +0400
description:
Fixed misleading example SSL config.

a) ssl as listen parameter is preferable.
b) ssl_protocols defaults are better because they do not forbid TLS versions
1.1 and 1.2.
c) ssl_session_timeout has sense only with SSL cache.

diffstat:

conf/nginx.conf | 5 ++---
1 files changed, 2 insertions(+), 3 deletions(-)

diffs (22 lines):

diff -r 7094bd12c1ff -r 50f531a55b73 conf/nginx.conf
--- a/conf/nginx.conf Tue Aug 06 19:58:40 2013 +0400
+++ b/conf/nginx.conf Wed Aug 07 20:01:43 2013 +0400
@@ -96,16 +96,15 @@ http {
# HTTPS server
#
#server {
- # listen 443;
+ # listen 443 ssl;
# server_name localhost;

- # ssl on;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;

+ # ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;

- # ssl_protocols SSLv2 SSLv3 TLSv1;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;


_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel