[nginx] Fixed misleading example SSL config.

Sergey Budnevitch sb at waeme.net
Thu Aug 8 10:08:17 UTC 2013


details:   http://hg.nginx.org/nginx/rev/50f531a55b73
branches:  
changeset: 5319:50f531a55b73
user:      Sergey Budnevitch <sb at waeme.net>
date:      Wed Aug 07 20:01:43 2013 +0400
description:
Fixed misleading example SSL config.

a) ssl as listen parameter is preferable.
b) ssl_protocols defaults are better because they do not forbid TLS versions
   1.1 and 1.2.
c) ssl_session_timeout makes sense only with SSL cache.

diffstat:

 conf/nginx.conf |  5 ++---
 1 files changed, 2 insertions(+), 3 deletions(-)

diffs (22 lines):

diff -r 7094bd12c1ff -r 50f531a55b73 conf/nginx.conf
--- a/conf/nginx.conf	Tue Aug 06 19:58:40 2013 +0400
+++ b/conf/nginx.conf	Wed Aug 07 20:01:43 2013 +0400
@@ -96,16 +96,15 @@ http {
     # HTTPS server
     #
     #server {
-    #    listen       443;
+    #    listen       443 ssl;
     #    server_name  localhost;
 
-    #    ssl                  on;
     #    ssl_certificate      cert.pem;
     #    ssl_certificate_key  cert.key;
 
+    #    ssl_session_cache shared:SSL:1m;
     #    ssl_session_timeout  5m;
 
-    #    ssl_protocols  SSLv2 SSLv3 TLSv1;
     #    ssl_ciphers  HIGH:!aNULL:!MD5;
     #    ssl_prefer_server_ciphers   on;
 
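Review bot: the added `#    ssl_session_cache shared:SSL:1m;` line has a single space between directive and value, while every neighbouring line in this block pads the value with two or more spaces (`ssl_session_timeout  5m;`, `ssl_certificate      cert.pem;`). Suggest `#    ssl_session_cache    shared:SSL:1m;` to match. Separately, the reason the cache line now sits above `ssl_session_timeout` (the timeout only matters when a session cache is configured) and the reason `ssl_protocols` is gone (the defaults do not forbid TLS 1.1 and 1.2) live only in the commit message. A short comment in the example config would stop someone from re-adding a restrictive `ssl_protocols` line or dropping the cache line while keeping the timeout.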



More information about the nginx-devel mailing list