Which is of course not true. Setting
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; will activate TLSv1, v1.1 and v1.2. So why am I writing this?
The documentation clearly states that
ssl_protocols can be set in the context of
server. Which is true. But you can set
ssl_protocols only once per port. Sadly this is not mentioned in the documentation. I don't know if Nginx stops after the first definition or takes the last definition, but that was exacly my problem.
I had a server with multiple site-configurations on one port (aka vhosts on port 80). Since I was testing new configurations, I only enabled TLSv1.2 for one config… and nothing happend; only TLSv1 was possible. So the search began.
tl;dr: With Nginx you can define
ssl_protocols only once per port. So it's better to keep it in the
nginx.conf or to create a separate
ssl.conf with all the ssl parameters you need. Multiple protocols on one port are not possible.
Does anyone know whom to poke for changes in the docs? Please send me a note.