Mercurial > hg > nginx-site
changeset 1505:47f70f50d554
Removed recommendation about using RC4.
| author | Yaroslav Zhuravlev <yar@nginx.com> |
|---|---|
| date | Wed, 10 Jun 2015 20:31:56 +0300 |
| parents | 0b89d1e54e8f |
| children | edd3d22724cb |
| files | xml/en/docs/http/configuring_https_servers.xml xml/ru/docs/http/configuring_https_servers.xml |
| diffstat | 2 files changed, 2 insertions(+), 26 deletions(-) [+] |
line wrap: on
line diff
--- a/xml/en/docs/http/configuring_https_servers.xml +++ b/xml/en/docs/http/configuring_https_servers.xml @@ -8,7 +8,7 @@ <article name="Configuring HTTPS servers" link="/en/docs/http/configuring_https_servers.html" lang="en" - rev="8" + rev="9" author="Igor Sysoev" editor="Brian Mercer"> @@ -63,18 +63,6 @@ Note that default values of these direct <link id="compatibility">changed</link> several times. </para> -<para> -CBC-mode ciphers might be vulnerable to a number of attacks and to -the BEAST attack in particular (see -<link url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389">CVE-2011-3389</link>). -Configuration of ciphers can be adjusted to prefer RC4-SHA as the following: - -<programlisting> - ssl_ciphers RC4:HIGH:!aNULL:!MD5; - ssl_prefer_server_ciphers on; -</programlisting> -</para> - </section>
--- a/xml/ru/docs/http/configuring_https_servers.xml +++ b/xml/ru/docs/http/configuring_https_servers.xml @@ -8,7 +8,7 @@ <article name="Настройка HTTPS-серверов" link="/ru/docs/http/configuring_https_servers.html" lang="ru" - rev="8" + rev="9" author="Игорь Сысоев" editor="Brian Mercer"> @@ -63,18 +63,6 @@ server { <link id="compatibility">менялись</link>. </para> -<para> -Известно, что шифры с CBC-режимом уязвимы к ряду атак, в частности -к BEAST-атаке (см. -<link url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389">CVE-2011-3389</link>). -Настройка шифров может быть изменена так, чтобы предпочитался RC4-SHA: - -<programlisting> - ssl_ciphers RC4:HIGH:!aNULL:!MD5; - ssl_prefer_server_ciphers on; -</programlisting> -</para> - </section>