In Nginx revers proxy unable to disable TLS1
Maxim Dounin
mdounin at mdounin.ru
Mon Dec 10 15:03:52 UTC 2018
Hello!
On Sun, Dec 09, 2018 at 11:56:33PM -0500, blason wrote:
> Do you mean I need to mention in each and every reverse proxy stanza or in
> default config?
You have to configure ssl_protocols in the default server for the
listening socket in question.
As previously suggested, most simple solution would be to
configure ssl_protocols in the http{} block in nginx.conf.
> Is this right?
>
> [root at xxxxxx conf.d]# vi default.conf
> server {
> listen 80 default_server;
> #server_name "";
> server_name _;
> return 444;
> ssl_protocols TLSv1.2;
>
> #charset koi8-r;
> #access_log /var/log/nginx/log/host.access.log main;
>
> location / {
> root /usr/share/nginx/html;
> index index.html index.htm;
> }
No. The server{} block in question is default for the port 80,
which is plain HTTP, and does not use SSL. Note
> listen 80 default_server;
is the only listening socket in this server block.
You need to configure ssl_protocols in the server{} block which is
the default for HTTPS listening socket, usually on port 443.
--
Maxim Dounin
http://mdounin.ru/
More information about the nginx
mailing list