Mercurial > hg > nginx
changeset 5319:50f531a55b73
Fixed misleading example SSL config.
a) ssl as listen parameter is preferable.
b) ssl_protocols defaults are better because they do not forbid TLS versions
1.1 and 1.2.
c) ssl_session_timeout has sense only with SSL cache.
author | Sergey Budnevitch <sb@waeme.net> |
---|---|
date | Wed, 07 Aug 2013 20:01:43 +0400 |
parents | 7094bd12c1ff |
children | ad137a80919f |
files | conf/nginx.conf |
diffstat | 1 files changed, 2 insertions(+), 3 deletions(-) [+] |
line wrap: on
line diff
--- a/conf/nginx.conf Tue Aug 06 19:58:40 2013 +0400 +++ b/conf/nginx.conf Wed Aug 07 20:01:43 2013 +0400 @@ -96,16 +96,15 @@ # HTTPS server # #server { - # listen 443; + # listen 443 ssl; # server_name localhost; - # ssl on; # ssl_certificate cert.pem; # ssl_certificate_key cert.key; + # ssl_session_cache shared:SSL:1m; # ssl_session_timeout 5m; - # ssl_protocols SSLv2 SSLv3 TLSv1; # ssl_ciphers HIGH:!aNULL:!MD5; # ssl_prefer_server_ciphers on;