details: http://hg.nginx.org/nginx/rev/50f531a55b73 branches: changeset: 5319:50f531a55b73 user: Sergey Budnevitch <s...@waeme.net> date: Wed Aug 07 20:01:43 2013 +0400 description: Fixed misleading example SSL config.
a) ssl as listen parameter is preferable. b) ssl_protocols defaults are better because they do not forbid TLS versions 1.1 and 1.2. c) ssl_session_timeout has sense only with SSL cache. diffstat: conf/nginx.conf | 5 ++--- 1 files changed, 2 insertions(+), 3 deletions(-) diffs (22 lines): diff -r 7094bd12c1ff -r 50f531a55b73 conf/nginx.conf --- a/conf/nginx.conf Tue Aug 06 19:58:40 2013 +0400 +++ b/conf/nginx.conf Wed Aug 07 20:01:43 2013 +0400 @@ -96,16 +96,15 @@ http { # HTTPS server # #server { - # listen 443; + # listen 443 ssl; # server_name localhost; - # ssl on; # ssl_certificate cert.pem; # ssl_certificate_key cert.key; + # ssl_session_cache shared:SSL:1m; # ssl_session_timeout 5m; - # ssl_protocols SSLv2 SSLv3 TLSv1; # ssl_ciphers HIGH:!aNULL:!MD5; # ssl_prefer_server_ciphers on; _______________________________________________ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel