nginx does't allow ssl_protocols to be excluded, only to be included. Our given examp...
authorPepi Zawodsky <git@maclemon.at>
Thu, 28 Nov 2013 13:01:15 +0000 (14:01 +0100)
committerPepi Zawodsky <git@maclemon.at>
Thu, 28 Nov 2013 13:01:15 +0000 (14:01 +0100)
src/practical_settings/webserver.tex

index 3000459..941cb32 100644 (file)
@@ -116,7 +116,7 @@ lighttpd httpS:// redirection: \url{http://redmine.lighttpd.net/projects/1/wiki/
 
 \begin{lstlisting}[breaklines]
   ssl_prefer_server_ciphers on;
-  ssl_protocols -SSLv2 -SSLv3; 
+  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
   ssl_ciphers 'EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EDH+CAMELLIA256:EECDH:EDH+aRSA:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED:!AES128:!CAMELLIA128:!ECDSA:AES256-SHA';
   add_header Strict-Transport-Security max-age=2592000;
   add_header X-Frame-Options DENY;