Mercurial > hg > nginx-site
comparison xml/en/docs/http/configuring_https_servers.xml @ 1505:47f70f50d554
Removed recommendation about using RC4.
author | Yaroslav Zhuravlev <yar@nginx.com> |
---|---|
date | Wed, 10 Jun 2015 20:31:56 +0300 |
parents | 3687cc9a3592 |
children | ecf2dd95ceb6 |
comparison
equal
deleted
inserted
replaced
1504:0b89d1e54e8f | 1505:47f70f50d554 |
---|---|
6 <!DOCTYPE article SYSTEM "../../../../dtd/article.dtd"> | 6 <!DOCTYPE article SYSTEM "../../../../dtd/article.dtd"> |
7 | 7 |
8 <article name="Configuring HTTPS servers" | 8 <article name="Configuring HTTPS servers" |
9 link="/en/docs/http/configuring_https_servers.html" | 9 link="/en/docs/http/configuring_https_servers.html" |
10 lang="en" | 10 lang="en" |
11 rev="8" | 11 rev="9" |
12 author="Igor Sysoev" | 12 author="Igor Sysoev" |
13 editor="Brian Mercer"> | 13 editor="Brian Mercer"> |
14 | 14 |
15 <section> | 15 <section> |
16 | 16 |
59 “<literal>ssl_protocols TLSv1 TLSv1.1 TLSv1.2</literal>” | 59 “<literal>ssl_protocols TLSv1 TLSv1.1 TLSv1.2</literal>” |
60 and “<literal>ssl_ciphers HIGH:!aNULL:!MD5</literal>”, | 60 and “<literal>ssl_ciphers HIGH:!aNULL:!MD5</literal>”, |
61 so configuring them explicitly is generally not needed. | 61 so configuring them explicitly is generally not needed. |
62 Note that default values of these directives were | 62 Note that default values of these directives were |
63 <link id="compatibility">changed</link> several times. | 63 <link id="compatibility">changed</link> several times. |
64 </para> | |
65 | |
66 <para> | |
67 CBC-mode ciphers might be vulnerable to a number of attacks and to | |
68 the BEAST attack in particular (see | |
69 <link url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389">CVE-2011-3389</link>). | |
70 Configuration of ciphers can be adjusted to prefer RC4-SHA as the following: | |
71 | |
72 <programlisting> | |
73 ssl_ciphers RC4:HIGH:!aNULL:!MD5; | |
74 ssl_prefer_server_ciphers on; | |
75 </programlisting> | |
76 </para> | 64 </para> |
77 | 65 |
78 </section> | 66 </section> |
79 | 67 |
80 | 68 |