Disable deprecated SSLv3 (POODLE fix)
authorHanno Böck <hanno@gentoo.org>
Fri, 19 Dec 2014 03:09:45 +0000 (04:09 +0100)
committerTom Hughes <tom@compton.nu>
Fri, 19 Dec 2014 08:47:12 +0000 (08:47 +0000)
cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb

index 60059837b6cf56f5efd923fb6d8a955ee107cfc7..2a9bbb11e09e2a81d7a82327ba872136b52e1f17 100644 (file)
@@ -7,7 +7,7 @@ server {
     ssl_certificate      /etc/ssl/certs/<%= @certificate %>.pem;
     ssl_certificate_key  /etc/ssl/private/<%= @certificate %>.key;
 
-    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 SSLv3;
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
     ssl_ciphers aRSA+HIGH:+kEDH:+kRSA:!kSRP:!kPSK:+3DES:!MD5;
     ssl_prefer_server_ciphers on;
     ssl_session_cache shared:SSL:30m;