comparison xml/en/docs/http/configuring_https_servers.xml @ 1505:47f70f50d554

Removed recommendation about using RC4.
author Yaroslav Zhuravlev <yar@nginx.com>
date Wed, 10 Jun 2015 20:31:56 +0300
parents 3687cc9a3592
children ecf2dd95ceb6
1504:0b89d1e54e8f 1505:47f70f50d554
6 <!DOCTYPE article SYSTEM "../../../../dtd/article.dtd"> 6 <!DOCTYPE article SYSTEM "../../../../dtd/article.dtd">
7 7
8 <article name="Configuring HTTPS servers" 8 <article name="Configuring HTTPS servers"
9 link="/en/docs/http/configuring_https_servers.html" 9 link="/en/docs/http/configuring_https_servers.html"
10 lang="en" 10 lang="en"
11 rev="8" 11 rev="9"
12 author="Igor Sysoev" 12 author="Igor Sysoev"
13 editor="Brian Mercer"> 13 editor="Brian Mercer">
14 14
15 <section> 15 <section>
16 16
59 “<literal>ssl_protocols TLSv1 TLSv1.1 TLSv1.2</literal>” 59 “<literal>ssl_protocols TLSv1 TLSv1.1 TLSv1.2</literal>”
60 and “<literal>ssl_ciphers HIGH:!aNULL:!MD5</literal>”, 60 and “<literal>ssl_ciphers HIGH:!aNULL:!MD5</literal>”,
61 so configuring them explicitly is generally not needed. 61 so configuring them explicitly is generally not needed.
62 Note that default values of these directives were 62 Note that default values of these directives were
63 <link id="compatibility">changed</link> several times. 63 <link id="compatibility">changed</link> several times.
64 </para>
65
66 <para>
67 CBC-mode ciphers might be vulnerable to a number of attacks and to
68 the BEAST attack in particular (see
69 <link url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389">CVE-2011-3389</link>).
70 Configuration of ciphers can be adjusted to prefer RC4-SHA as the following:
71
72 <programlisting>
73 ssl_ciphers RC4:HIGH:!aNULL:!MD5;
74 ssl_prefer_server_ciphers on;
75 </programlisting>
76 </para> 64 </para>
77 65
78 </section> 66 </section>
79 67
80 68
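Review bot: The deletion at old lines 66-76 drops the whole paragraph, so the CBC/BEAST caveat (CVE-2011-3389) disappears together with the RC4 advice, and nothing tells readers who already copied `ssl_ciphers RC4:HIGH:!aNULL:!MD5;` from rev 8 that the recommendation no longer stands. Consider replacing the paragraph with one sentence saying that preferring RC4 is no longer recommended and pointing back to the default `ssl_ciphers HIGH:!aNULL:!MD5` described at lines 59-61. The commit message "Removed recommendation about using RC4." gives no reason for the withdrawal; a one-line rationale there would help anyone auditing an existing configuration against this history.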