Default SSL protocols

Matt Goodall matt.goodall at
Sun Oct 4 02:07:44 MSD 2009


I just noticed that the SSL module enables SSLv2 by default,
"ssl_protocols SSLv2 SSLv3 TLSv1 " (see

Given that SSLv2 is generally considered "weak" these days
( and is
disabled in most modern browsers would it make sense to change the
default to "ssl_protocols SSLv3 TLSv1"?

- Matt

More information about the nginx mailing list