Default SSL protocols

Ray gunblad3 at
Sun Oct 4 15:27:14 MSD 2009

Yeps I agree on that point.  Wonder what the others think of this?

Just for reference/discussion, I set my SSL parameters to be as such:
ssl_protocols SSLv3 TLSv1;


On Sun, Oct 4, 2009 at 6:07 AM, Matt Goodall <matt.goodall at> wrote:

> Hi,
> I just noticed that the SSL module enables SSLv2 by default,
> "ssl_protocols SSLv2 SSLv3 TLSv1 " (see
> Given that SSLv2 is generally considered "weak" these days
> ( and is
> disabled in most modern browsers would it make sense to change the
> default to "ssl_protocols SSLv3 TLSv1"?
> - Matt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the nginx mailing list