disable "SSL 2.0+ upgrade support" in nginx

Posted by Bhargava on Server Fault See other posts from Server Fault or by Bhargava
Published on 2012-03-30T06:47:34Z Indexed on 2012/03/30 17:32 UTC
Read the original article Hit count: 328

Filed under:
|

I evaluated the SSL credentials of my server with qualsys ssl page ( https://www.ssllabs.com/ssldb/index.html ) and found the entry "SSL 2.0+ upgrade support" being marked as yes. I want to disable this sslv2 handshake too. I searched around and found http://forum.nginx.org/read.php?2,104032m, which points to creating a openssl.cnf file.

Have a naive question here. After creating the file, does one need to re-key his certificate for this to work ? Are there any other steps to follow ?

I use nginx 1.0.11 and openssl "OpenSSL 1.0.0e-fips 6 Sep 2011". I have set ssl_ciphers in nginx to SSLv3 TLSv1;

© Server Fault or respective owner

Related posts about nginx

Related posts about ssl