Fixed misleading example SSL config.

a) ssl as listen parameter is preferable.
b) ssl_protocols defaults are better because they do not forbid TLS versions
   1.1 and 1.2.
c) ssl_session_timeout has sense only with SSL cache.
This commit is contained in:
Sergey Budnevitch 2013-08-07 20:01:43 +04:00
parent 74dfd08957
commit be27365bb1

View File

@ -96,16 +96,15 @@ http {
# HTTPS server
#
#server {
# listen 443;
# listen 443 ssl;
# server_name localhost;
# ssl on;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_protocols SSLv2 SSLv3 TLSv1;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;