Guard against poodle vulnerability by default

Closes #2339
2025-12-29 00:25:08 +01:00 · 2016-08-07 21:11:13 -04:00
parent 3651e56ca5
commit e3463613d4
1 changed files with 1 additions and 0 deletions
--- a/plugins/nginx-vhosts/templates/nginx.conf.sigil
+++ b/plugins/nginx-vhosts/templates/nginx.conf.sigil
@@ -47,6 +47,7 @@ server {

  ssl_certificate     {{ $.APP_SSL_PATH }}/server.crt;
  ssl_certificate_key {{ $.APP_SSL_PATH }}/server.key;
+  ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;

  keepalive_timeout   70;
  {{ if eq $.SPDY_SUPPORTED "true" }}add_header          Alternate-Protocol  {{ $.NGINX_SSL_PORT }}:npn-spdy/2;{{ end }}