disable SSLv2 and low ciphers by default

commit: cf9dd76b43b345dedef2a43b775a0a16f5a2ace7 [log] [tgz]
author: Igor Sysoev <igor@sysoev.ru> Tue Oct 06 14:24:53 2009 +0000
committer: Igor Sysoev <igor@sysoev.ru> Tue Oct 06 14:24:53 2009 +0000
tree: e26b4d05ea920afce511d9b4c9447c16b9996a60
parent: 280d6955e37f9ecd592a55ac70621e2cabfffcdc [diff] [blame]
diff --git a/src/mail/ngx_mail_ssl_module.c b/src/mail/ngx_mail_ssl_module.c
index 025df54..c9a9f35 100644
--- a/src/mail/ngx_mail_ssl_module.c
+++ b/src/mail/ngx_mail_ssl_module.c

@@ -9,7 +9,7 @@
 #include <ngx_mail.h>
 
 
-#define NGX_DEFAULT_CIPHERS  "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
+#define NGX_DEFAULT_CIPHERS  "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM"
 
 
 static void *ngx_mail_ssl_create_conf(ngx_conf_t *cf);
@@ -198,8 +198,7 @@
                          prev->prefer_server_ciphers, 0);
 
     ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
-                         (NGX_CONF_BITMASK_SET
-                          |NGX_SSL_SSLv2|NGX_SSL_SSLv3|NGX_SSL_TLSv1));
+                         (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1));
 
     ngx_conf_merge_str_value(conf->certificate, prev->certificate, "");
     ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, "");
commit	cf9dd76b43b345dedef2a43b775a0a16f5a2ace7	[log] [tgz]
author	Igor Sysoev <igor@sysoev.ru>	Tue Oct 06 14:24:53 2009 +0000
committer	Igor Sysoev <igor@sysoev.ru>	Tue Oct 06 14:24:53 2009 +0000
tree	e26b4d05ea920afce511d9b4c9447c16b9996a60
parent	280d6955e37f9ecd592a55ac70621e2cabfffcdc [diff] [blame]