mirror of
https://github.com/nginx/nginx.git
synced 2024-12-22 15:13:28 -06:00
Fixed misleading example SSL config.
a) ssl as listen parameter is preferable. b) ssl_protocols defaults are better because they do not forbid TLS versions 1.1 and 1.2. c) ssl_session_timeout has sense only with SSL cache.
This commit is contained in:
parent
74dfd08957
commit
be27365bb1
@ -96,16 +96,15 @@ http {
|
|||||||
# HTTPS server
|
# HTTPS server
|
||||||
#
|
#
|
||||||
#server {
|
#server {
|
||||||
# listen 443;
|
# listen 443 ssl;
|
||||||
# server_name localhost;
|
# server_name localhost;
|
||||||
|
|
||||||
# ssl on;
|
|
||||||
# ssl_certificate cert.pem;
|
# ssl_certificate cert.pem;
|
||||||
# ssl_certificate_key cert.key;
|
# ssl_certificate_key cert.key;
|
||||||
|
|
||||||
|
# ssl_session_cache shared:SSL:1m;
|
||||||
# ssl_session_timeout 5m;
|
# ssl_session_timeout 5m;
|
||||||
|
|
||||||
# ssl_protocols SSLv2 SSLv3 TLSv1;
|
|
||||||
# ssl_ciphers HIGH:!aNULL:!MD5;
|
# ssl_ciphers HIGH:!aNULL:!MD5;
|
||||||
# ssl_prefer_server_ciphers on;
|
# ssl_prefer_server_ciphers on;
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user