Mercurial > hg > nginx-site
comparison xml/en/docs/http/ngx_http_ssl_module.xml @ 1711:38fb3e6b71e8
Documented ssl_ecdh_curve changes in 1.11.0.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Fri, 27 May 2016 19:05:15 +0300 |
| parents | 6f5497797cde |
| children | 67b5aac350e4 |
comparison
equal
deleted
inserted
replaced
| 1710:692d34a2adfc | 1711:38fb3e6b71e8 |
|---|---|
| 8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> | 8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> |
| 9 | 9 |
| 10 <module name="Module ngx_http_ssl_module" | 10 <module name="Module ngx_http_ssl_module" |
| 11 link="/en/docs/http/ngx_http_ssl_module.html" | 11 link="/en/docs/http/ngx_http_ssl_module.html" |
| 12 lang="en" | 12 lang="en" |
| 13 rev="20"> | 13 rev="21"> |
| 14 | 14 |
| 15 <section id="summary"> | 15 <section id="summary"> |
| 16 | 16 |
| 17 <para> | 17 <para> |
| 18 The <literal>ngx_http_ssl_module</literal> module provides the | 18 The <literal>ngx_http_ssl_module</literal> module provides the |
| 276 </directive> | 276 </directive> |
| 277 | 277 |
| 278 | 278 |
| 279 <directive name="ssl_ecdh_curve"> | 279 <directive name="ssl_ecdh_curve"> |
| 280 <syntax><value>curve</value></syntax> | 280 <syntax><value>curve</value></syntax> |
| 281 <default>prime256v1</default> | 281 <default>auto</default> |
| 282 <context>http</context> | 282 <context>http</context> |
| 283 <context>server</context> | 283 <context>server</context> |
| 284 <appeared-in>1.1.0</appeared-in> | 284 <appeared-in>1.1.0</appeared-in> |
| 285 <appeared-in>1.0.6</appeared-in> | 285 <appeared-in>1.0.6</appeared-in> |
| 286 | 286 |
| 287 <para> | 287 <para> |
| 288 Specifies a <value>curve</value> for ECDHE ciphers. | 288 Specifies a <value>curve</value> for ECDHE ciphers. |
| 289 </para> | |
| 290 | |
| 291 <para> | |
| 292 When using OpenSSL 1.0.2 or higher, | |
| 293 it is possible to specify multiple curves (1.11.0), for example: | |
| 294 <example> | |
| 295 ssl_ecdh_curve prime256v1:secp384r1; | |
| 296 </example> | |
| 297 </para> | |
| 298 | |
| 299 <para> | |
| 300 The special value <literal>auto</literal> (1.11.0) instructs nginx to use | |
| 301 a list built into the OpenSSL library when using OpenSSL 1.0.2 or higher, | |
| 302 or <literal>prime256v1</literal> with older versions. | |
| 303 </para> | |
| 304 | |
| 305 <para> | |
| 306 <note> | |
| 307 Prior to version 1.11.0, | |
| 308 the <literal>prime256v1</literal> curve was used by default. | |
| 309 </note> | |
| 289 </para> | 310 </para> |
| 290 | 311 |
| 291 </directive> | 312 </directive> |
| 292 | 313 |
| 293 | 314 |