Mercurial > hg > nginx
comparison conf/nginx.conf @ 5319:50f531a55b73
Fixed misleading example SSL config.
a) ssl as listen parameter is preferable.
b) ssl_protocols defaults are better because they do not forbid TLS versions
1.1 and 1.2.
c) ssl_session_timeout has sense only with SSL cache.
| author | Sergey Budnevitch <sb@waeme.net> |
|---|---|
| date | Wed, 07 Aug 2013 20:01:43 +0400 |
| parents | 1e90599af73b |
| children | d22eb224aedf |
comparison
equal
deleted
inserted
replaced
| 5318:7094bd12c1ff | 5319:50f531a55b73 |
|---|---|
| 94 | 94 |
| 95 | 95 |
| 96 # HTTPS server | 96 # HTTPS server |
| 97 # | 97 # |
| 98 #server { | 98 #server { |
| 99 # listen 443; | 99 # listen 443 ssl; |
| 100 # server_name localhost; | 100 # server_name localhost; |
| 101 | 101 |
| 102 # ssl on; | |
| 103 # ssl_certificate cert.pem; | 102 # ssl_certificate cert.pem; |
| 104 # ssl_certificate_key cert.key; | 103 # ssl_certificate_key cert.key; |
| 105 | 104 |
| 105 # ssl_session_cache shared:SSL:1m; | |
| 106 # ssl_session_timeout 5m; | 106 # ssl_session_timeout 5m; |
| 107 | 107 |
| 108 # ssl_protocols SSLv2 SSLv3 TLSv1; | |
| 109 # ssl_ciphers HIGH:!aNULL:!MD5; | 108 # ssl_ciphers HIGH:!aNULL:!MD5; |
| 110 # ssl_prefer_server_ciphers on; | 109 # ssl_prefer_server_ciphers on; |
| 111 | 110 |
| 112 # location / { | 111 # location / { |
| 113 # root html; | 112 # root html; |