Fixed misleading example SSL config.

a) ssl as listen parameter is preferable.
b) ssl_protocols defaults are better because they do not forbid TLS versions
   1.1 and 1.2.
c) ssl_session_timeout has sense only with SSL cache.

diff --git a/conf/nginx.conf b/conf/nginx.conf
index 3bb3389365fd76d4b89e1ad42c6ded821fcae82c..27b8e03c68aa1ab404ebc1ba76efc1a8399a8ae3 100644 (file)
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -96,16 +96,15 @@ http {
     # HTTPS server
     #
     #server {
-    #    listen       443;
+    #    listen       443 ssl;
     #    server_name  localhost;
 
-    #    ssl                  on;
     #    ssl_certificate      cert.pem;
     #    ssl_certificate_key  cert.key;
 
+    #    ssl_session_cache shared:SSL:1m;
     #    ssl_session_timeout  5m;
 
-    #    ssl_protocols  SSLv2 SSLv3 TLSv1;
     #    ssl_ciphers  HIGH:!aNULL:!MD5;
     #    ssl_prefer_server_ciphers   on;