SSL default changes?

Grant emailgrant at gmail.com
Mon Mar 11 04:48:47 UTC 2013


It looks like these changes from default are required for SSL session
resumption and to mitigate the BEAST SSL vulnerability:

ssl_session_cache shared:SSL:10m;
ssl_ciphers RC4:HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;

Should the defaults be changed to these?

- Grant


