Mercurial > hg > nginx-site
comparison xml/en/docs/http/ngx_http_ssl_module.xml @ 2948:37e082fd009c
Added TLSv1.3 to the default value of ssl_protocols and friends.
author | Yaroslav Zhuravlev <yar@nginx.com> |
---|---|
date | Fri, 10 Mar 2023 22:17:07 +0000 |
parents | 3f5e91af4a52 |
children | 2b02fee0d12e |
comparison
equal
deleted
inserted
replaced
2947:39a5ac34d794 | 2948:37e082fd009c |
---|---|
8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> | 8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> |
9 | 9 |
10 <module name="Module ngx_http_ssl_module" | 10 <module name="Module ngx_http_ssl_module" |
11 link="/en/docs/http/ngx_http_ssl_module.html" | 11 link="/en/docs/http/ngx_http_ssl_module.html" |
12 lang="en" | 12 lang="en" |
13 rev="59"> | 13 rev="60"> |
14 | 14 |
15 <section id="summary"> | 15 <section id="summary"> |
16 | 16 |
17 <para> | 17 <para> |
18 The <literal>ngx_http_ssl_module</literal> module provides the | 18 The <literal>ngx_http_ssl_module</literal> module provides the |
74 | 74 |
75 server { | 75 server { |
76 listen 443 ssl; | 76 listen 443 ssl; |
77 <emphasis>keepalive_timeout 70;</emphasis> | 77 <emphasis>keepalive_timeout 70;</emphasis> |
78 | 78 |
79 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | 79 ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; |
80 ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5; | 80 ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5; |
81 ssl_certificate /usr/local/nginx/conf/cert.pem; | 81 ssl_certificate /usr/local/nginx/conf/cert.pem; |
82 ssl_certificate_key /usr/local/nginx/conf/cert.key; | 82 ssl_certificate_key /usr/local/nginx/conf/cert.key; |
83 <emphasis>ssl_session_cache shared:SSL:10m;</emphasis> | 83 <emphasis>ssl_session_cache shared:SSL:10m;</emphasis> |
84 <emphasis>ssl_session_timeout 10m;</emphasis> | 84 <emphasis>ssl_session_timeout 10m;</emphasis> |
593 [<literal>SSLv3</literal>] | 593 [<literal>SSLv3</literal>] |
594 [<literal>TLSv1</literal>] | 594 [<literal>TLSv1</literal>] |
595 [<literal>TLSv1.1</literal>] | 595 [<literal>TLSv1.1</literal>] |
596 [<literal>TLSv1.2</literal>] | 596 [<literal>TLSv1.2</literal>] |
597 [<literal>TLSv1.3</literal>]</syntax> | 597 [<literal>TLSv1.3</literal>]</syntax> |
598 <default>TLSv1 TLSv1.1 TLSv1.2</default> | 598 <default>TLSv1 TLSv1.1 TLSv1.2 TLSv1.3</default> |
599 <context>http</context> | 599 <context>http</context> |
600 <context>server</context> | 600 <context>server</context> |
601 | 601 |
602 <para> | 602 <para> |
603 Enables the specified protocols. | 603 Enables the specified protocols. |
606 (1.1.13, 1.0.12) work only when OpenSSL 1.0.1 or higher is used. | 606 (1.1.13, 1.0.12) work only when OpenSSL 1.0.1 or higher is used. |
607 </note> | 607 </note> |
608 <note> | 608 <note> |
609 The <literal>TLSv1.3</literal> parameter (1.13.0) works only when | 609 The <literal>TLSv1.3</literal> parameter (1.13.0) works only when |
610 OpenSSL 1.1.1 or higher is used. | 610 OpenSSL 1.1.1 or higher is used. |
611 </note> | |
612 <note> | |
613 The <literal>TLSv1.3</literal> parameter is used by default | |
614 since 1.23.4. | |
611 </note> | 615 </note> |
612 </para> | 616 </para> |
613 | 617 |
614 </directive> | 618 </directive> |
615 | 619 |