Fixed misleading example SSL config. a) ssl as listen parameter is preferable. b) ssl_protocols defaults are better because they do not forbid TLS versions 1.1 and 1.2. c) ssl_session_timeout has sense only with SSL cache.

commit: be27365bb10e255330d3baeda2b918ea9fd79b8e [log] [tgz]
author: Sergey Budnevitch <sb@waeme.net> Wed Aug 07 20:01:43 2013 +0400
committer: Sergey Budnevitch <sb@waeme.net> Wed Aug 07 20:01:43 2013 +0400
tree: 34549ec97e7286bda088ab9e576e4d4089e83e0e
parent: 74dfd08957279720873bd89fe6b3d1a78a61cc0c [diff] [blame]
diff --git a/conf/nginx.conf b/conf/nginx.conf
index 3bb3389..27b8e03 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf

@@ -96,16 +96,15 @@
     # HTTPS server
     #
     #server {
-    #    listen       443;
+    #    listen       443 ssl;
     #    server_name  localhost;
 
-    #    ssl                  on;
     #    ssl_certificate      cert.pem;
     #    ssl_certificate_key  cert.key;
 
+    #    ssl_session_cache shared:SSL:1m;
     #    ssl_session_timeout  5m;
 
-    #    ssl_protocols  SSLv2 SSLv3 TLSv1;
     #    ssl_ciphers  HIGH:!aNULL:!MD5;
     #    ssl_prefer_server_ciphers   on;
commit	be27365bb10e255330d3baeda2b918ea9fd79b8e	[log] [tgz]
author	Sergey Budnevitch <sb@waeme.net>	Wed Aug 07 20:01:43 2013 +0400
committer	Sergey Budnevitch <sb@waeme.net>	Wed Aug 07 20:01:43 2013 +0400
tree	34549ec97e7286bda088ab9e576e4d4089e83e0e
parent	74dfd08957279720873bd89fe6b3d1a78a61cc0c [diff] [blame]