nginx-site: xml/en/docs/http/ngx_http_ssl

Documented the "ssl_session_ticket_key" directive in http and mail.

author	Vladimir Homutov <vl@nginx.com>
date	Fri, 22 Nov 2013 16:44:41 +0400
parents	95c3c3bbf1ce
children	f7ca80263893

comparison

equal deleted inserted replaced

-:19129672444e
+:2b6a858c60dc
 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd">
 <module name="Module ngx_http_ssl_module"
 link="/en/docs/http/ngx_http_ssl_module.html"
 lang="en"
-rev="7">
+rev="8">
 <section id="summary">
 <para>
 The <literal>ngx_http_ssl_module</literal> module provides the
 </para>
 </directive>
+<directive name="ssl_session_ticket_key">
+<syntax><value>file</value></syntax>
+<default/>
+<context>http</context>
+<context>server</context>
+<appeared-in>1.5.7</appeared-in>
+<para>
+Sets a <value>file</value> with the secret key used to encrypt
+and decrypt TLS session tickets.
+The directive is necessary if the same key has to be shared between
+multiple servers.
+By default, a randomly generated key is used.
+</para>
+<para>
+If several keys are specified, only the first key is
+used to encrypt TLS session tickets.
+This allows to configure key rotation, for example:
+<example>
+ssl_session_ticket_key current.key;
+ssl_session_ticket_key previous.key;
+</example>
+</para>
+<para>
+The <value>file</value> must contain 48 bytes of random data and can
+be created using the following command:
+<example>
+openssl rand 48 > ticket.key
+</example>
+</para>
+</directive>
 <directive name="ssl_session_timeout">
 <syntax><value>time</value></syntax>
 <default>5m</default>
 <context>http</context>
 <context>server</context>

Mercurial > hg > nginx-site