Default SSL protocols

Ray gunblad3 at gmail.com
Sun Oct 4 15:27:14 MSD 2009


Yep, I agree on that point. Wonder what the others think of this?

Just for reference/discussion, I set my SSL parameters to be as such:
ssl_protocols SSLv3 TLSv1;
ssl_ciphers HIGH:MEDIUM:!SSLv2:!aNULL:@STRENGTH;

Ray

On Sun, Oct 4, 2009 at 6:07 AM, Matt Goodall <matt.goodall at gmail.com> wrote:

> Hi,
>
> I just noticed that the SSL module enables SSLv2 by default,
> "ssl_protocols SSLv2 SSLv3 TLSv1 " (see
> http://wiki.nginx.org/NginxHttpSslModule#ssl_protocols).
>
> Given that SSLv2 is generally considered "weak" these days
> (http://en.wikipedia.org/wiki/Secure_Sockets_Layer#Security) and is
> disabled in most modern browsers, would it make sense to change the
> default to "ssl_protocols SSLv3 TLSv1"?
>
> - Matt
>
>
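
Added example, not part of the original messages and not nginx code: a small Python check that reports, for each SSL-enabled server block, which ssl_protocols value is in effect, falling back to the default quoted in the thread when the directive is absent. The function names, the simplified parser (no quoted strings, no includes, server-level SSL only) and the sample config are assumptions made for illustration.

```python
import re

# Default the thread quotes from the 2009 nginx wiki; an assumption for other versions.
PAGE_DEFAULT = ["SSLv2", "SSLv3", "TLSv1"]
# Constructed sample config (not from the thread).
SAMPLE = """http {
  server { listen 443; ssl on; }
  server { listen 443 ssl; ssl_protocols SSLv3 TLSv1; }
  server { listen 80; }
}"""

def directives(conf):
    """Yield (block_path, name, args) for every ';'-terminated directive."""
    conf = re.sub(r"#[^\n]*", "", conf)              # strip comments
    path, words, count = [], [], 0
    for tok in re.findall(r"[{};]|[^\s{};]+", conf):
        if tok == "{":                               # block opens: record name#id
            count += 1
            path.append(f"{words[0] if words else '?'}#{count}")
            words = []
        elif tok == "}":
            path, words = path[:-1], []
        elif tok == ";":
            if words:
                yield tuple(path), words[0], words[1:]
            words = []
        else:
            words.append(tok)

def audit(conf):
    """Return [(server_id, protocols, source, sslv2_enabled)] for SSL servers."""
    http_level, servers = None, {}
    for path, name, args in directives(conf):
        srv = next((p for p in path if p.startswith("server#")), None)
        if srv:
            info = servers.setdefault(srv, {"ssl": False, "protocols": None})
            if name == "ssl_protocols":
                info["protocols"] = args
            elif (name == "ssl" and args == ["on"]) or (name == "listen" and "ssl" in args):
                info["ssl"] = True
        elif name == "ssl_protocols":                # set outside any server block
            http_level = args
    report = []
    for srv, info in servers.items():
        if info["ssl"]:
            protocols, source = next((p, s) for p, s in (
                (info["protocols"], "explicit"), (http_level, "inherited"),
                (PAGE_DEFAULT, "default")) if p)
            report.append((srv, protocols, source, "SSLv2" in protocols))
    return report
```

Calling audit(SAMPLE) flags the first server block, which has no ssl_protocols line and so picks up SSLv2 from the default, while the second block with the explicit "SSLv3 TLSv1" setting is reported clean.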