diff options
| author | Igor Sysoev <igor@sysoev.ru> | 2009-10-06 14:24:53 +0000 |
|---|---|---|
| committer | Igor Sysoev <igor@sysoev.ru> | 2009-10-06 14:24:53 +0000 |
| commit | cf9dd76b43b345dedef2a43b775a0a16f5a2ace7 (patch) | |
| tree | e26b4d05ea920afce511d9b4c9447c16b9996a60 /src/http/modules/ngx_http_ssl_module.c | |
| parent | 280d6955e37f9ecd592a55ac70621e2cabfffcdc (diff) | |
| download | nginx-cf9dd76b43b345dedef2a43b775a0a16f5a2ace7.tar.gz nginx-cf9dd76b43b345dedef2a43b775a0a16f5a2ace7.zip | |
disable SSLv2 and low ciphers by default
Diffstat (limited to 'src/http/modules/ngx_http_ssl_module.c')
| -rw-r--r-- | src/http/modules/ngx_http_ssl_module.c | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c index cc0b932d2..1d67eeb26 100644 --- a/src/http/modules/ngx_http_ssl_module.c +++ b/src/http/modules/ngx_http_ssl_module.c @@ -13,7 +13,7 @@ typedef ngx_int_t (*ngx_ssl_variable_handler_pt)(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s); -#define NGX_DEFAULT_CIPHERS "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" +#define NGX_DEFAULT_CIPHERS "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM" static ngx_int_t ngx_http_ssl_static_variable(ngx_http_request_t *r, @@ -347,8 +347,7 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) prev->prefer_server_ciphers, 0); ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, - (NGX_CONF_BITMASK_SET - |NGX_SSL_SSLv2|NGX_SSL_SSLv3|NGX_SSL_TLSv1)); + (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1)); ngx_conf_merge_uint_value(conf->verify, prev->verify, 0); ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1); |