Default SSL protocols
gunblad3 at gmail.com
Sun Oct 4 15:27:14 MSD 2009
Yeps I agree on that point. Wonder what the others think of this?
Just for reference/discussion, I set my SSL parameters to be as such:
ssl_protocols SSLv3 TLSv1;
On Sun, Oct 4, 2009 at 6:07 AM, Matt Goodall <matt.goodall at gmail.com> wrote:
> I just noticed that the SSL module enables SSLv2 by default,
> "ssl_protocols SSLv2 SSLv3 TLSv1 " (see
> Given that SSLv2 is generally considered "weak" these days
> (http://en.wikipedia.org/wiki/Secure_Sockets_Layer#Security) and is
> disabled in most modern browsers would it make sense to change the
> default to "ssl_protocols SSLv3 TLSv1"?
> - Matt
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the nginx