Mercurial > hg > nginx-site
comparison xml/en/docs/http/ngx_http_ssl_module.xml @ 2219:f1e12641fc8a
Documented TLS 1.3 early data.
author | Yaroslav Zhuravlev <yar@nginx.com> |
---|---|
date | Wed, 15 Aug 2018 12:54:52 +0300 |
parents | 3535437f97d2 |
children | 20a189bdb15f |
2218:8be9700e9dd7 | 2219:f1e12641fc8a |
---|---|
8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> | 8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> |
9 | 9 |
10 <module name="Module ngx_http_ssl_module" | 10 <module name="Module ngx_http_ssl_module" |
11 link="/en/docs/http/ngx_http_ssl_module.html" | 11 link="/en/docs/http/ngx_http_ssl_module.html" |
12 lang="en" | 12 lang="en" |
13 rev="39"> | 13 rev="40"> |
14 | 14 |
15 <section id="summary"> | 15 <section id="summary"> |
16 | 16 |
17 <para> | 17 <para> |
18 The <literal>ngx_http_ssl_module</literal> module provides the | 18 The <literal>ngx_http_ssl_module</literal> module provides the |
281 <context>server</context> | 281 <context>server</context> |
282 <appeared-in>0.7.2</appeared-in> | 282 <appeared-in>0.7.2</appeared-in> |
283 | 283 |
284 <para> | 284 <para> |
285 Specifies a <value>file</value> with DH parameters for DHE ciphers. | 285 Specifies a <value>file</value> with DH parameters for DHE ciphers. |
286 </para> | |
287 | |
288 </directive> | |
289 | |
290 | |
291 <directive name="ssl_early_data"> | |
292 <syntax><literal>on</literal> | <literal>off</literal></syntax> | |
293 <default>off</default> | |
294 <context>http</context> | |
295 <context>server</context> | |
296 <appeared-in>1.15.3</appeared-in> | |
297 | |
298 <para> | |
299 Enables or disables TLS 1.3 | |
300 <link url="https://tools.ietf.org/html/rfc8446#section-2.3">early data</link>. | |
301 <note> | |
302 Requests sent within early data are subject to | |
303 <link id="var_ssl_early_data">replay attacks</link>. | |
304 </note> | |
286 </para> | 305 </para> |
287 | 306 |
288 </directive> | 307 </directive> |
289 | 308 |
290 | 309 |
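Review bot: The <note> in the new ssl_early_data directive warns that requests sent within early data are subject to replay attacks, but it names no mitigation at the point where an operator decides to turn the feature on; the only pointer is the link to var_ssl_early_data. Consider adding a sentence here saying that the protection is applied at the application layer using $ssl_early_data, so the warning and the remedy are read together. The description also does not say which SSL library builds the directive works with, which readers of a directive marked <appeared-in>1.15.3</appeared-in> will want to know.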
877 <note> | 896 <note> |
878 The variable is available only for new sessions. | 897 The variable is available only for new sessions. |
879 </note> | 898 </note> |
880 </tag-desc> | 899 </tag-desc> |
881 | 900 |
901 <tag-name id="var_ssl_early_data"><var>$ssl_early_data</var></tag-name> | |
902 <tag-desc> | |
903 returns “<literal>1</literal>” if | |
904 TLS 1.3 early data is <link id="ssl_early_data">used</link> | |
905 and the handshake is not complete, otherwise “” (1.15.3). | |
906 The variable is used to protect against | |
907 <link url="https://tools.ietf.org/html/draft-ietf-httpbis-replay-04">replay attacks</link> | |
908 at the application layer: | |
909 <example> | |
910 proxy_set_header Early-Data $ssl_early_data; | |
911 </example> | |
912 </tag-desc> | |
913 | |
882 <tag-name id="var_ssl_protocol"><var>$ssl_protocol</var></tag-name> | 914 <tag-name id="var_ssl_protocol"><var>$ssl_protocol</var></tag-name> |
883 <tag-desc> | 915 <tag-desc> |
884 returns the protocol of an established SSL connection; | 916 returns the protocol of an established SSL connection; |
885 </tag-desc> | 917 </tag-desc> |
886 | 918 |
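Review bot: In the $ssl_early_data description, the example only forwards the value ("proxy_set_header Early-Data $ssl_early_data;") and the text does not say that the protection depends on the proxied server checking that header, so a reader could take the proxy_set_header line alone as the mitigation. Suggest a sentence stating that the backend has to refuse or defer requests that arrive with Early-Data set when they are not safe to replay. The link also pins draft-ietf-httpbis-replay-04, which will go stale once the draft is revised or published.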