>> You guys were so right.  What an excellent http server/proxy.  I used
>> this very simple howto:
>>
>> http://kbeezie.com/apache-with-nginx/
>>
>> I can probably dump a lot of apache config.  I still need SSL on both
>> servers even though only nginx faces the user?
>>
>> For imap proxy, nginx requires an HTTP auth server and I can't figure
>> out what that refers to.  I can stick with imapproxy there.
>
> You don't need SSL at both. Only nginx is enough.
> But to ensure nginx performs well at SSL, follow this - 
> http://matt.io/entry/ur

Check out this post:

http://www.hybridforge.com/blog/nginx-ssl-ciphers-and-pci-compliance

They show you how to disable the slow DHE ciphers and also how to make
nginx immune to the BEAST SSL vulnerability:

ssl_ciphers RC4:HIGH:!aNULL:!MD5:!kEDH;
ssl_prefer_server_ciphers on;

They also mention this for PCI compliance (which disables SSLv2):

ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;

but that seems to be the current default in nginx:

http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_protocols

- Grant
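
Added example, not part of the original message: a small Python check that parses the directives quoted above and reports the properties the message attributes to them (DHE key exchange excluded, RC4 listed first with server-side ordering, SSLv2 off). It also flags RC4 and SSLv3, which were later ruled out for TLS use by RFC 7465 and RFC 7568; the function names and the sample config are constructed for illustration.

```python
import re

# Constructed sample: the three directives quoted in the message above.
SAMPLE_CONF = """
server {
    listen 443 ssl;
    ssl_ciphers RC4:HIGH:!aNULL:!MD5:!kEDH;
    ssl_prefer_server_ciphers on;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
}
"""

def directive(conf, name):
    """Return the arguments of the last `name ...;` directive, or None."""
    hits = re.findall(r"^\s*" + re.escape(name) + r"\s+([^;]+);", conf, re.M)
    return hits[-1].split() if hits else None

def audit(conf):
    """Report what the TLS directives in an nginx config fragment do."""
    ciphers = directive(conf, "ssl_ciphers")
    tokens = ciphers[0].split(":") if ciphers else []
    # "!X" permanently removes X; bare tokens are added in the order listed.
    excluded = {t[1:] for t in tokens if t.startswith("!")}
    enabled = [t for t in tokens if t[:1] not in ("!", "-", "+")]
    protocols = directive(conf, "ssl_protocols") or []
    report = {
        # OpenSSL aliases for ephemeral Diffie-Hellman key exchange.
        "dhe_excluded": bool(excluded & {"kEDH", "kDHE", "EDH", "DHE"}),
        # RC4 ahead of the CBC suites is the BEAST workaround the post
        # refers to; it only takes effect if the server's order wins.
        "rc4_first": bool(enabled) and enabled[0].startswith("RC4"),
        "server_order_enforced":
            directive(conf, "ssl_prefer_server_ciphers") == ["on"],
        "sslv2_enabled": "SSLv2" in protocols,
        "legacy": [],
    }
    if any("RC4" in t for t in enabled):
        report["legacy"].append("RC4")      # prohibited by RFC 7465
    if "SSLv3" in protocols:
        report["legacy"].append("SSLv3")    # deprecated by RFC 7568
    return report

if __name__ == "__main__":
    for key, value in audit(SAMPLE_CONF).items():
        print(f"{key}: {value}")
```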
