From e3463613d4dff86c097f93995d079a6e87607dd3 Mon Sep 17 00:00:00 2001 From: Jose Diaz-Gonzalez Date: Sun, 7 Aug 2016 21:11:13 -0400 Subject: [PATCH] Guard against poodle vulnerability by default Closes #2339 --- plugins/nginx-vhosts/templates/nginx.conf.sigil | 1 + 1 file changed, 1 insertion(+) diff --git a/plugins/nginx-vhosts/templates/nginx.conf.sigil b/plugins/nginx-vhosts/templates/nginx.conf.sigil index e1f2026e7..1d00745b0 100644 --- a/plugins/nginx-vhosts/templates/nginx.conf.sigil +++ b/plugins/nginx-vhosts/templates/nginx.conf.sigil @@ -47,6 +47,7 @@ server { ssl_certificate {{ $.APP_SSL_PATH }}/server.crt; ssl_certificate_key {{ $.APP_SSL_PATH }}/server.key; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; keepalive_timeout 70; {{ if eq $.SPDY_SUPPORTED "true" }}add_header Alternate-Protocol {{ $.NGINX_SSL_PORT }}:npn-spdy/2;{{ end }}