Fixed misleading example SSL config.

a) ssl as listen parameter is preferable. b) ssl_protocols defaults are better because they do not forbid TLS versions 1.1 and 1.2. c) ssl_session_timeout has sense only with SSL cache.
author: Sergey Budnevitch <sb@waeme.net> 2013-08-07 20:01:43 +0400
committer: Sergey Budnevitch <sb@waeme.net> 2013-08-07 20:01:43 +0400
commit: be27365bb10e255330d3baeda2b918ea9fd79b8e (patch)
tree: 34549ec97e7286bda088ab9e576e4d4089e83e0e /conf
parent: 74dfd08957279720873bd89fe6b3d1a78a61cc0c (diff)
download: nginx-be27365bb10e255330d3baeda2b918ea9fd79b8e.tar.gz
nginx-be27365bb10e255330d3baeda2b918ea9fd79b8e.tar.bz2
1 files changed, 2 insertions, 3 deletions
diff --git a/conf/nginx.conf b/conf/nginx.conf
index 3bb338936..27b8e03c6 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -96,16 +96,15 @@ http {
     # HTTPS server
     #
     #server {
-    #    listen       443;
+    #    listen       443 ssl;
     #    server_name  localhost;
 
-    #    ssl                  on;
     #    ssl_certificate      cert.pem;
     #    ssl_certificate_key  cert.key;
 
+    #    ssl_session_cache shared:SSL:1m;
     #    ssl_session_timeout  5m;
 
-    #    ssl_protocols  SSLv2 SSLv3 TLSv1;
     #    ssl_ciphers  HIGH:!aNULL:!MD5;
     #    ssl_prefer_server_ciphers   on;
author	Sergey Budnevitch <sb@waeme.net>	2013-08-07 20:01:43 +0400
committer	Sergey Budnevitch <sb@waeme.net>	2013-08-07 20:01:43 +0400
commit	be27365bb10e255330d3baeda2b918ea9fd79b8e (patch)
tree	34549ec97e7286bda088ab9e576e4d4089e83e0e /conf
parent	74dfd08957279720873bd89fe6b3d1a78a61cc0c (diff)
download	nginx-be27365bb10e255330d3baeda2b918ea9fd79b8e.tar.gz nginx-be27365bb10e255330d3baeda2b918ea9fd79b8e.tar.bz2