id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	uname	nginx_version
642	Cannot specify a minimum SSL/TLS version without also specifying a maximum	Anders Kaseorg		"The [http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_protocols ssl_protocols directive] only lets you specify a whitelist of SSL/TLS versions, not a blacklist.  Therefore, if you want to disable a protocol that’s in the default whitelist, you are also implicitly disabling all the protocols that haven’t been invented yet.  In particular, all the nginx admins who are paying attention now because SSL 3.0 is broken and getting publicity are inadvertently going to be creating the next generation of TLS 1.3 intolerant servers.

ssl_protocols should support (and encourage) a blacklist syntax, like Apache’s
{{{
SSLProtocol all -SSLv2 -SSLv3
}}}
"	enhancement	closed	minor		nginx-module	1.7.x	wontfix				1.7.6