comparison xml/en/docs/http/configuring_https_servers.xml @ 314:95d5dc7c9884
Documented the new "TLSv1.1" and "TLSv1.2" parameters of the
"ssl_protocols" directive.
author | Ruslan Ermilov <ru@nginx.com> |
---|---|
date | Fri, 13 Jan 2012 17:58:36 +0000 |
parents | 4c6d2c614d2c |
children | a413dffb0557 |
313:16244471304a | 314:95d5dc7c9884 |
---|---|
18 listen 443; | 18 listen 443; |
19 server_name www.nginx.com; | 19 server_name www.nginx.com; |
20 ssl on; | 20 ssl on; |
21 ssl_certificate www.nginx.com.crt; | 21 ssl_certificate www.nginx.com.crt; |
22 ssl_certificate_key www.nginx.com.key; | 22 ssl_certificate_key www.nginx.com.key; |
23 ssl_protocols SSLv3 TLSv1; | 23 ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; |
24 ssl_ciphers HIGH:!aNULL:!MD5; | 24 ssl_ciphers HIGH:!aNULL:!MD5; |
25 ... | 25 ... |
26 } | 26 } |
27 </programlisting> | 27 </programlisting> |
28 | 28 |
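Review bot: the listing at new line 23 sets "TLSv1.1" and "TLSv1.2" explicitly, but nothing next to the example says which nginx version accepts them. The commit message calls these parameters new, and the paragraph that follows says explicit settings mainly make sense for earlier nginx versions, which are the ones that will not recognise the new values. Suggest adding a version note beside the listing, or keeping the example to parameters every documented version accepts. The same point applies to the second listing at new line 110.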
48 can be used to limit connections | 48 can be used to limit connections |
49 to include only the strong versions and ciphers of SSL/TLS. | 49 to include only the strong versions and ciphers of SSL/TLS. |
50 Since version 1.0.5, nginx uses “<literal>ssl_protocols SSLv3 TLSv1</literal>” | 50 Since version 1.0.5, nginx uses “<literal>ssl_protocols SSLv3 TLSv1</literal>” |
51 and “<literal>ssl_ciphers HIGH:!aNULL:!MD5</literal>” by default, | 51 and “<literal>ssl_ciphers HIGH:!aNULL:!MD5</literal>” by default, |
52 so configuring them explicitly only makes sense for the earlier nginx versions. | 52 so configuring them explicitly only makes sense for the earlier nginx versions. |
53 Since version 1.1.13, nginx uses | |
54 “<literal>ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2</literal>” by default. | |
53 </para> | 55 </para> |
54 | 56 |
55 <para> | 57 <para> |
56 CBC-mode ciphers might be vulnerable to a number of attacks and to | 58 CBC-mode ciphers might be vulnerable to a number of attacks and to |
57 the BEAST attack in particular (see | 59 the BEAST attack in particular (see |
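Review bot: the added sentence "Since version 1.1.13, nginx uses ... by default" omits the "(if supported by the OpenSSL library)" condition that the compatibility item at new line 460 carries, so the two places disagree on whether TLSv1.1 and TLSv1.2 are always enabled. It also leaves "the earlier nginx versions" in the preceding sentence ambiguous, because the paragraph now names two thresholds (1.0.5 and 1.1.13). Suggest repeating the OpenSSL condition here and stating which threshold "earlier" refers to.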
103 <b>keepalive_timeout 70</b>; | 105 <b>keepalive_timeout 70</b>; |
104 | 106 |
105 ssl on; | 107 ssl on; |
106 ssl_certificate www.nginx.com.crt; | 108 ssl_certificate www.nginx.com.crt; |
107 ssl_certificate_key www.nginx.com.key; | 109 ssl_certificate_key www.nginx.com.key; |
108 ssl_protocols SSLv3 TLSv1; | 110 ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; |
109 ssl_ciphers HIGH:!aNULL:!MD5; | 111 ssl_ciphers HIGH:!aNULL:!MD5; |
110 ... | 112 ... |
111 </programlisting> | 113 </programlisting> |
112 </para> | 114 </para> |
113 | 115 |
452 | 454 |
453 <para> | 455 <para> |
454 <list> | 456 <list> |
455 | 457 |
456 <item> | 458 <item> |
457 Version 0.7.65, 0.8.19 and later: the default SSL protocols are SSLv3 and TLSv1. | 459 Version 0.7.65, 0.8.19 and later: the default SSL protocols are SSLv3, TLSv1, |
460 TLSv1.1, and TLSv1.2 (if supported by the OpenSSL library). | |
458 </item> | 461 </item> |
459 | 462 |
460 <item> | 463 <item> |
461 Version 0.7.64, 0.8.18 and earlier: the default SSL protocols are SSLv2, | 464 Version 0.7.64, 0.8.18 and earlier: the default SSL protocols are SSLv2, |
462 SSLv3, and TLSv1. | 465 SSLv3, and TLSv1. |
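Review bot: the changed item at new lines 459-460 attributes the TLSv1.1 and TLSv1.2 defaults to "Version 0.7.65, 0.8.19 and later", which contradicts the sentence added earlier in this change that gives 1.1.13 as the version where that default begins. Suggest leaving this item as "SSLv3 and TLSv1" and adding a separate item for version 1.1.13 and later that lists "SSLv3, TLSv1, TLSv1.1, and TLSv1.2 (if supported by the OpenSSL library)".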