ssllabs keeps saying sslv3 enabled when it isn't

Jesse Szypulski asked:

I can’t figure out why it keeps saying “C”. I have disabled SSLv3.

this is my config file

server {
    listen 80;
    listen 443 ssl spdy;
    ssl_certificate /etc/nginx/ssl/;
    ssl_certificate_key /etc/nginx/ssl/server.key;
    return 301$request_uri;
server {
    listen 443 ssl spdy;

    ssl_certificate /etc/nginx/ssl/;
    ssl_certificate_key /etc/nginx/ssl/server.key;

    ssl_ciphers 'AES256+EECDH:AES256+EDH';

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_session_cache shared:SSL:10m;

    ssl_stapling on;
    ssl_stapling_verify on;
    resolver valid=300s;
    resolver_timeout 10s;

    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;

    charset utf-8;

    location / {
        try_files $uri $uri/ /index.php?$query_string;

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    access_log off;
    error_log  /var/log/nginx/ error;

    error_page 404 /index.php;

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;

    location ~ /\.ht {
        deny all;

    add_header Strict-Transport-Security max-age=63072000;
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;

    root /home/kryptonit3/cablework/public;
    index index.html index.htm index.php;

My answer:

You forgot to specify ssl_protocols and ssl_ciphers for your server named So the defaults – whatever they are – get used.

View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.