comparison xml/en/docs/http/ngx_http_ssl_module.xml @ 2219:f1e12641fc8a

Documented TLS 1.3 early data.
author Yaroslav Zhuravlev <yar@nginx.com>
date Wed, 15 Aug 2018 12:54:52 +0300
parents 3535437f97d2
children 20a189bdb15f
2218:8be9700e9dd7 2219:f1e12641fc8a
8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> 8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd">
9 9
10 <module name="Module ngx_http_ssl_module" 10 <module name="Module ngx_http_ssl_module"
11 link="/en/docs/http/ngx_http_ssl_module.html" 11 link="/en/docs/http/ngx_http_ssl_module.html"
12 lang="en" 12 lang="en"
13 rev="39"> 13 rev="40">
14 14
15 <section id="summary"> 15 <section id="summary">
16 16
17 <para> 17 <para>
18 The <literal>ngx_http_ssl_module</literal> module provides the 18 The <literal>ngx_http_ssl_module</literal> module provides the
281 <context>server</context> 281 <context>server</context>
282 <appeared-in>0.7.2</appeared-in> 282 <appeared-in>0.7.2</appeared-in>
283 283
284 <para> 284 <para>
285 Specifies a <value>file</value> with DH parameters for DHE ciphers. 285 Specifies a <value>file</value> with DH parameters for DHE ciphers.
286 </para>
287
288 </directive>
289
290
291 <directive name="ssl_early_data">
292 <syntax><literal>on</literal> | <literal>off</literal></syntax>
293 <default>off</default>
294 <context>http</context>
295 <context>server</context>
296 <appeared-in>1.15.3</appeared-in>
297
298 <para>
299 Enables or disables TLS 1.3
300 <link url="https://tools.ietf.org/html/rfc8446#section-2.3">early data</link>.
301 <note>
302 Requests sent within early data are subject to
303 <link id="var_ssl_early_data">replay attacks</link>.
304 </note>
286 </para> 305 </para>
287 306
288 </directive> 307 </directive>
289 308
290 309
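Review bot: The note at new lines 301-304 states the replay risk but gives no guidance at the point where an administrator turns the feature on. The only pointer to a mitigation is the link text "replay attacks", which targets var_ssl_early_data rather than a description of the attack. Suggest adding a sentence to the note saying that the $ssl_early_data variable should be used to protect against replay at the application layer, and using the variable name as the link text so the target is obvious. The directive text also does not say whether support depends on the SSL library nginx is built with; if it does, state that requirement here.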
877 <note> 896 <note>
878 The variable is available only for new sessions. 897 The variable is available only for new sessions.
879 </note> 898 </note>
880 </tag-desc> 899 </tag-desc>
881 900
901 <tag-name id="var_ssl_early_data"><var>$ssl_early_data</var></tag-name>
902 <tag-desc>
903 returns “<literal>1</literal>” if
904 TLS 1.3 early data is <link id="ssl_early_data">used</link>
905 and the handshake is not complete, otherwise “” (1.15.3).
906 The variable is used to protect against
907 <link url="https://tools.ietf.org/html/draft-ietf-httpbis-replay-04">replay attacks</link>
908 at the application layer:
909 <example>
910 proxy_set_header Early-Data $ssl_early_data;
911 </example>
912 </tag-desc>
913
882 <tag-name id="var_ssl_protocol"><var>$ssl_protocol</var></tag-name> 914 <tag-name id="var_ssl_protocol"><var>$ssl_protocol</var></tag-name>
883 <tag-desc> 915 <tag-desc>
884 returns the protocol of an established SSL connection; 916 returns the protocol of an established SSL connection;
885 </tag-desc> 917 </tag-desc>
886 918
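Review bot: At new lines 906-911, "The variable is used to protect against replay attacks at the application layer" overstates what the example does. The line "proxy_set_header Early-Data $ssl_early_data;" only forwards the flag, so protection exists only if the proxied application checks the Early-Data header and refuses or defers requests that are not safe to replay. Suggest saying that explicitly, so readers do not treat the header line alone as the mitigation. The link at line 907 is also pinned to revision -04 of the httpbis replay draft and will go stale as the draft advances; a revision-independent URL would be safer.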