Commit 9a4e0f0a authored by Christos Trochalakis's avatar Christos Trochalakis

Suggest disabling SSLv3 in default site

parent 32baa8bd
......@@ -16,6 +16,7 @@ nginx (1.6.2-3) UNRELEASED; urgency=medium
php configuration that can be included when needed. (Closes: #762491)
+ Introduce a `snippets/snakeoil.conf` snippet that enabled https
using the certs installed by the ssl-cert package.
+ Suggest disabling SSLv3 in default site with a ref to POODLE.
* debian/control:
+ nginx-common now suggests ssl-cert.
......
......@@ -26,7 +26,7 @@ server {
# Don't use them in a production server!
# include snippets/snakeoil.conf;
#
# ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
# ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # don’t use SSLv3 ref: POODLE
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment