mex nginx-forum at
Fri Oct 17 15:29:00 UTC 2014

> Regarding POODLEbleed[1] issue, I've disable SSLv3 on `ssl_protocols`

thats the most important part

> directive. But, says that :
> ---- snip ----
> Downgrade attack prevention 	No, TLS_FALLBACK_SCSV not supported (more
> info[2])

TLS_FALLBACK_SCSV also prevents downgrades from TLSv1.2 -> TLSv1.1 -> TLSv1

and has got nothing to do with SSLv3

> With configuration:
> ---- snip ----
> SSLHonorCipherOrder On
> SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2

isnt this the apacheconfig?

> So the question is, how important it is?

it is not yet important, but downgrade-attacks might happen

do you have nginx with a different openssl-library installed, e.g.
statically linked

please paste the full output from

$ nginx -V

Posted at Nginx Forum:,254106,254109#msg-254109

More information about the nginx mailing list