Mercurial > hg > nginx-site

comparison xml/en/docs/http/ngx_http_ssl_module.xml @ 2948:37e082fd009c

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Added TLSv1.3 to the default value of ssl_protocols and friends.
author Yaroslav Zhuravlev <yar@nginx.com>
date Fri, 10 Mar 2023 22:17:07 +0000
parents 3f5e91af4a52
children 2b02fee0d12e
comparison
equal deleted inserted replaced
2947:39a5ac34d794 2948:37e082fd009c
8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> 8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd">
9 9
10 <module name="Module ngx_http_ssl_module" 10 <module name="Module ngx_http_ssl_module"
11 link="/en/docs/http/ngx_http_ssl_module.html" 11 link="/en/docs/http/ngx_http_ssl_module.html"
12 lang="en" 12 lang="en"
13 rev="59"> 13 rev="60">
14 14
15 <section id="summary"> 15 <section id="summary">
16 16
17 <para> 17 <para>
18 The <literal>ngx_http_ssl_module</literal> module provides the 18 The <literal>ngx_http_ssl_module</literal> module provides the
74 74
75 server { 75 server {
76 listen 443 ssl; 76 listen 443 ssl;
77 <emphasis>keepalive_timeout 70;</emphasis> 77 <emphasis>keepalive_timeout 70;</emphasis>
78 78
79 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 79 ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
80 ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5; 80 ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
81 ssl_certificate /usr/local/nginx/conf/cert.pem; 81 ssl_certificate /usr/local/nginx/conf/cert.pem;
82 ssl_certificate_key /usr/local/nginx/conf/cert.key; 82 ssl_certificate_key /usr/local/nginx/conf/cert.key;
83 <emphasis>ssl_session_cache shared:SSL:10m;</emphasis> 83 <emphasis>ssl_session_cache shared:SSL:10m;</emphasis>
84 <emphasis>ssl_session_timeout 10m;</emphasis> 84 <emphasis>ssl_session_timeout 10m;</emphasis>
593 [<literal>SSLv3</literal>] 593 [<literal>SSLv3</literal>]
594 [<literal>TLSv1</literal>] 594 [<literal>TLSv1</literal>]
595 [<literal>TLSv1.1</literal>] 595 [<literal>TLSv1.1</literal>]
596 [<literal>TLSv1.2</literal>] 596 [<literal>TLSv1.2</literal>]
597 [<literal>TLSv1.3</literal>]</syntax> 597 [<literal>TLSv1.3</literal>]</syntax>
598 <default>TLSv1 TLSv1.1 TLSv1.2</default> 598 <default>TLSv1 TLSv1.1 TLSv1.2 TLSv1.3</default>
599 <context>http</context> 599 <context>http</context>
600 <context>server</context> 600 <context>server</context>
601 601
602 <para> 602 <para>
603 Enables the specified protocols. 603 Enables the specified protocols.
606 (1.1.13, 1.0.12) work only when OpenSSL 1.0.1 or higher is used. 606 (1.1.13, 1.0.12) work only when OpenSSL 1.0.1 or higher is used.
607 </note> 607 </note>
608 <note> 608 <note>
609 The <literal>TLSv1.3</literal> parameter (1.13.0) works only when 609 The <literal>TLSv1.3</literal> parameter (1.13.0) works only when
610 OpenSSL 1.1.1 or higher is used. 610 OpenSSL 1.1.1 or higher is used.
611 </note>
612 <note>
613 The <literal>TLSv1.3</literal> parameter is used by default
614 since 1.23.4.
611 </note> 615 </note>
612 </para> 616 </para>
613 617
614 </directive> 618 </directive>
615 619