Default SSL protocols
is at rambler-co.ru
Sun Oct 4 23:40:04 MSD 2009
On Sat, Oct 03, 2009 at 11:07:44PM +0100, Matt Goodall wrote:
> I just noticed that the SSL module enables SSLv2 by default,
> "ssl_protocols SSLv2 SSLv3 TLSv1 " (see
> Given that SSLv2 is generally considered "weak" these days
> (http://en.wikipedia.org/wiki/Secure_Sockets_Layer#Security) and is
> disabled in most modern browsers would it make sense to change the
> default to "ssl_protocols SSLv3 TLSv1"?
I thought to disable it by default some time ago.
I will disable it in next 0.8.18 version.
More information about the nginx