>> It looks like these changes from default are required for SSL session >> resumption and to mitigate the BEAST SSL vulnerability: >> >> ssl_session_cache shared:SSL:10m; >> ssl_ciphers RC4:HIGH:!aNULL:!MD5; >> ssl_prefer_server_ciphers on; >> >> Should the defaults be changed to these? > > The BEAST attack could be mitigated by various means, including > switching to TLS 1.1/1.2 (you probably do not want to due to > compatibility reasons) and/or fixing it on a client side (which is > considered to be right solution and already implemented by all > modern browsers). > > Use of the RC4 cipher is more a workaround than a permanent > solution, and hence there are no plans to make it the default.
OK, why not enable SSL session resumption by default? ssl_session_cache shared:SSL:10m; - Grant _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
