changeset 5319:50f531a55b73

Fixed misleading example SSL config. a) ssl as listen parameter is preferable. b) ssl_protocols defaults are better because they do not forbid TLS versions 1.1 and 1.2. c) ssl_session_timeout makes sense only with SSL cache.
author Sergey Budnevitch <sb@waeme.net>
date Wed, 07 Aug 2013 20:01:43 +0400
parents 7094bd12c1ff
children ad137a80919f
files conf/nginx.conf
diffstat 1 files changed, 2 insertions(+), 3 deletions(-) [+]
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -96,16 +96,15 @@ http {
     # HTTPS server
     #
     #server {
-    #    listen       443;
+    #    listen       443 ssl;
     #    server_name  localhost;
 
-    #    ssl                  on;
     #    ssl_certificate      cert.pem;
     #    ssl_certificate_key  cert.key;
 
+    #    ssl_session_cache shared:SSL:1m;
     #    ssl_session_timeout  5m;
 
-    #    ssl_protocols  SSLv2 SSLv3 TLSv1;
     #    ssl_ciphers  HIGH:!aNULL:!MD5;
     #    ssl_prefer_server_ciphers   on;
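Review bot: With the explicit `ssl_protocols` line removed, the example no longer shows which protocol versions are enabled; that now depends on the built-in default of whichever nginx build reads the file, and an older default may still admit a legacy SSL version (inferred, not visible in this hunk). Because this block is a template that operators uncomment and deploy, a one-line comment where the directive used to be, such as `#    # ssl_protocols left at default; check which versions your build enables`, would mark the omission as deliberate and prompt a check. Separately, the added `ssl_session_cache shared:SSL:1m;` uses a single space where the neighbouring directives are column-aligned. The commented-out server block continues past the end of the hunk.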