From 4689c00fad979c89554eb58af078da47f924c9b6 Mon Sep 17 00:00:00 2001
From: Jimmy Zelinskie <jimmy.zelinskie@coreos.com>
Date: Wed, 20 May 2015 16:31:32 -0400
Subject: [PATCH] nginx: drop SSLv3, support TLS 1.1 & 1.2

---
 conf/nginx.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/conf/nginx.conf b/conf/nginx.conf
index 8375febd0..9e3aead80 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -17,7 +17,7 @@ http {
         ssl_certificate ./stack/ssl.cert;
         ssl_certificate_key ./stack/ssl.key;
         ssl_session_timeout 5m;
-        ssl_protocols SSLv3 TLSv1;
+        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
         ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
         ssl_prefer_server_ciphers on;
     }
@@ -33,7 +33,7 @@ http {
         ssl_certificate ./stack/ssl.cert;
         ssl_certificate_key ./stack/ssl.key;
         ssl_session_timeout 5m;
-        ssl_protocols SSLv3 TLSv1;
+        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
         ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
         ssl_prefer_server_ciphers on;
     }