disable "SSL 2.0+ upgrade support" in nginx
Posted
by
Bhargava
on Server Fault
See other posts from Server Fault
or by Bhargava
Published on 2012-03-30T06:47:34Z
Indexed on
2012/03/30
17:32 UTC
Read the original article
Hit count: 328
I evaluated the SSL credentials of my server with qualsys ssl page ( https://www.ssllabs.com/ssldb/index.html ) and found the entry "SSL 2.0+ upgrade support" being marked as yes. I want to disable this sslv2 handshake too. I searched around and found http://forum.nginx.org/read.php?2,104032m, which points to creating a openssl.cnf file.
Have a naive question here. After creating the file, does one need to re-key his certificate for this to work ? Are there any other steps to follow ?
I use nginx 1.0.11 and openssl "OpenSSL 1.0.0e-fips 6 Sep 2011". I have set ssl_ciphers in nginx to SSLv3 TLSv1;
© Server Fault or respective owner