diff xml/en/docs/http/ngx_http_ssl_module.xml @ 1019:2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Fri, 22 Nov 2013 16:44:41 +0400 |
parents | 95c3c3bbf1ce |
children | f7ca80263893 |
--- a/xml/en/docs/http/ngx_http_ssl_module.xml +++ b/xml/en/docs/http/ngx_http_ssl_module.xml @@ -10,7 +10,7 @@ <module name="Module ngx_http_ssl_module" link="/en/docs/http/ngx_http_ssl_module.html" lang="en" - rev="7"> + rev="8"> <section id="summary"> @@ -345,6 +345,42 @@ be more efficient. </directive> +<directive name="ssl_session_ticket_key"> +<syntax><value>file</value></syntax> +<default/> +<context>http</context> +<context>server</context> +<appeared-in>1.5.7</appeared-in> + +<para> +Sets a <value>file</value> with the secret key used to encrypt +and decrypt TLS session tickets. +The directive is necessary if the same key has to be shared between +multiple servers. +By default, a randomly generated key is used. +</para> + +<para> +If several keys are specified, only the first key is +used to encrypt TLS session tickets. +This allows to configure key rotation, for example: +<example> +ssl_session_ticket_key current.key; +ssl_session_ticket_key previous.key; +</example> +</para> + +<para> +The <value>file</value> must contain 48 bytes of random data and can +be created using the following command: +<example> +openssl rand 48 > ticket.key +</example> +</para> + +</directive> + + <directive name="ssl_session_timeout"> <syntax><value>time</value></syntax> <default>5m</default>
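Review bot: The last paragraph of the new ssl_session_ticket_key directive gives `openssl rand 48 > ticket.key` with no word on protecting the resulting file. Shell redirection creates it under the default umask, which commonly leaves it world-readable, and this key decrypts every session ticket issued under it. Suggest adding a sentence that the file must be readable only by the user nginx is started as, or showing the command run under a restrictive umask. In the rotation paragraph, "only the first key is used to encrypt TLS session tickets" leaves the role of the other keys implicit; saying explicitly that the remaining keys are used only to decrypt tickets issued earlier would make the current.key / previous.key example self-explanatory. It would also help to state how a relative `file` path such as current.key is resolved. Minor wording: "This allows to configure key rotation" reads better as "This allows configuring key rotation".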