remove SSLv3 support in nginx config

2025-07-24 04:06:03 +00:00 · 2014-12-10 13:11:42 -08:00 · 2014-12-10 13:11:42 -08:00 · 89011f26f4
commit 89011f26f4
parent b7705d25c8
1 changed files with 2 additions and 1 deletions
--- a/cluster/saltbase/salt/nginx/kubernetes-site
+++ b/cluster/saltbase/salt/nginx/kubernetes-site
@ -38,7 +38,8 @@ server {

        ssl_session_timeout 5m;

-        ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
+        # don't use SSLv3 because of POODLE
+        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
        ssl_prefer_server_ciphers on;