Default SSL protocols

Igor Sysoev
Sun Oct 4 23:40:04 MSD 2009

On Sat, Oct 03, 2009 at 11:07:44PM +0100, Matt Goodall wrote:

> I just noticed that the SSL module enables SSLv2 by default,
> "ssl_protocols SSLv2 SSLv3 TLSv1 " (see
> Given that SSLv2 is generally considered "weak" these days
> ( and is
> disabled in most modern browsers would it make sense to change the
> default to "ssl_protocols SSLv3 TLSv1"?

I thought to disable it by default some time ago.
I will disable it in the next version, 0.8.18.

Igor Sysoev
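
An added example, not part of the original thread or of nginx itself: a small auditor that reports which SSL-enabled `server` blocks still accept SSLv2, either through an explicit `ssl_protocols` line or by falling back to the default quoted above. The function names and the sample configuration are constructed for illustration; the parser is simplified and assumes no `include` files and no quoted strings containing braces or semicolons.

```python
import re

# Default quoted in the thread, in effect while SSLv2 is still on by default.
OLD_DEFAULT = ("SSLv2", "SSLv3", "TLSv1")

def lookup(block, key):
    # Resolve a directive through enclosing blocks (server -> http -> main).
    while block is not None:
        if key in block["d"]:
            return block["d"][key]
        block = block["parent"]
    return None

def servers_allowing_sslv2(conf_text, default=OLD_DEFAULT):
    """Map server_name -> effective protocols for SSL servers accepting SSLv2."""
    text = re.sub(r"#[^\n]*", "", conf_text)         # strip comments
    tokens = re.findall(r"[{};]|[^\s{};]+", text)     # words and punctuation
    cur = {"kind": "main", "parent": None, "d": {}}
    words, servers = [], []
    for tok in tokens:
        if tok not in ("{", "}", ";"):
            words.append(tok)
            continue
        if tok == "{":
            cur = {"kind": words[0] if words else "", "parent": cur, "d": {}}
        elif tok == "}":
            if cur["kind"] == "server":
                servers.append(cur)
            cur = cur["parent"] or cur                # tolerate a stray "}"
        elif words and words[0] == "listen" and "ssl" in words[1:]:
            cur["d"]["ssl"] = ["on"]                  # "listen 443 ssl" form
        elif words:
            cur["d"][words[0]] = words[1:]
        words = []
    findings = {}
    for srv in servers:                               # resolve after full parse
        if lookup(srv, "ssl") != ["on"]:
            continue                                  # not an SSL server
        effective = tuple(lookup(srv, "ssl_protocols") or default)
        if "SSLv2" in effective:
            name = (srv["d"].get("server_name") or ["(unnamed)"])[0]
            findings[name] = effective
    return findings

# Constructed sample configuration, not taken from the thread.
SAMPLE = """http {
  server { listen 80; server_name plain.example; }
  server { listen 443; ssl on; server_name implicit.example; }
  server { listen 443 ssl; server_name fixed.example; ssl_protocols SSLv3 TLSv1; }
}"""
```

Passing `default=("SSLv3", "TLSv1")` models the default proposed in the thread, so only servers that name SSLv2 explicitly are reported.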
