# HG changeset patch
# User Sergey Budnevitch <sb@waeme.net>
# Date 1375891303 -14400
# Node ID 50f531a55b737239a2e06192ae1aafcc5279b4a9
# Parent  7094bd12c1ff790da083f2a589f8c9c5913fdf27
Fixed misleading example SSL config.

a) ssl as listen parameter is preferable.
b) ssl_protocols defaults are better because they do not forbid TLS versions
   1.1 and 1.2.
c) ssl_session_timeout has sense only with SSL cache.

diff --git a/conf/nginx.conf b/conf/nginx.conf
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -96,16 +96,15 @@ http {
     # HTTPS server
     #
     #server {
-    #    listen       443;
+    #    listen       443 ssl;
     #    server_name  localhost;
 
-    #    ssl                  on;
     #    ssl_certificate      cert.pem;
     #    ssl_certificate_key  cert.key;
 
+    #    ssl_session_cache shared:SSL:1m;
     #    ssl_session_timeout  5m;
 
-    #    ssl_protocols  SSLv2 SSLv3 TLSv1;
     #    ssl_ciphers  HIGH:!aNULL:!MD5;
     #    ssl_prefer_server_ciphers   on;