id summary reporter owner description type status priority milestone component version resolution keywords cc uname nginx_version 920 SSLv3 is still enabled by default in Stable dave.qccareerschool.com@… "According to the documentation at http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_protocols, the default is {{{ ssl_protocols TLSv1 TLSv1.1 TLSv1.2; }}} But line 564 of src/http/modules/ngx_http_ssl_module.c still includes SSLv3 by default {{{ (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1 }}} According to https://trac.nginx.org/nginx/ticket/653, this has been fixed, and it is fixed in the Mainline branch. Is it supposed to be fixed for the Stable branch as well? If not, should the documentation reflect that?" defect closed minor documentation 1.8.x wontfix Linux sites.qccareerschool.com 2.6.32-573.18.1.el6.x86_64 #1 SMP Tue Feb 9 22:46:17 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux "nginx version: nginx/1.8.1 built by gcc 4.4.7 20120313 (Red Hat 4.4.7-16) (GCC) built with OpenSSL 1.0.1e-fips 11 Feb 2013 TLS SNI support enabled configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-http_spdy_module --with-http_geoip_module --with-cc-opt='-O2 -g -pipe -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=native'"