diff xml/en/docs/http/ngx_http_ssl_module.xml @ 2219:f1e12641fc8a
Documented TLS 1.3 early data.
author | Yaroslav Zhuravlev <yar@nginx.com> |
---|---|
date | Wed, 15 Aug 2018 12:54:52 +0300 |
parents | 3535437f97d2 |
children | 20a189bdb15f |
--- a/xml/en/docs/http/ngx_http_ssl_module.xml +++ b/xml/en/docs/http/ngx_http_ssl_module.xml @@ -10,7 +10,7 @@ <module name="Module ngx_http_ssl_module" link="/en/docs/http/ngx_http_ssl_module.html" lang="en" - rev="39"> + rev="40"> <section id="summary"> @@ -288,6 +288,25 @@ Specifies a <value>file</value> with DH </directive> +<directive name="ssl_early_data"> +<syntax><literal>on</literal> | <literal>off</literal></syntax> +<default>off</default> +<context>http</context> +<context>server</context> +<appeared-in>1.15.3</appeared-in> + +<para> +Enables or disables TLS 1.3 +<link url="https://tools.ietf.org/html/rfc8446#section-2.3">early data</link>. +<note> +Requests sent within early data are subject to +<link id="var_ssl_early_data">replay attacks</link>. +</note> +</para> + +</directive> + + <directive name="ssl_ecdh_curve"> <syntax><value>curve</value></syntax> <default>auto</default> @@ -879,6 +898,19 @@ The variable is available only for new s </note> </tag-desc> +<tag-name id="var_ssl_early_data"><var>$ssl_early_data</var></tag-name> +<tag-desc> +returns “<literal>1</literal>” if +TLS 1.3 early data is <link id="ssl_early_data">used</link> +and the handshake is not complete, otherwise “” (1.15.3). +The variable is used to protect against +<link url="https://tools.ietf.org/html/draft-ietf-httpbis-replay-04">replay attacks</link> +at the application layer: +<example> +proxy_set_header Early-Data $ssl_early_data; +</example> +</tag-desc> + <tag-name id="var_ssl_protocol"><var>$ssl_protocol</var></tag-name> <tag-desc> returns the protocol of an established SSL connection;
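Review bot: In the ssl_early_data directive hunk, the note warns that early-data requests are subject to replay attacks, but the link text "replay attacks" targets var_ssl_early_data, so a reader who follows it lands on a variable description, and the directive text itself never says what to do about the risk. Suggest naming the mitigation where the directive is enabled, for example "Requests sent within early data are subject to replay attacks; see $ssl_early_data for passing this state to the proxied server", so that the application-layer step is visible to anyone switching the directive on.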
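Review bot: In the $ssl_early_data variable hunk, the sentence "The variable is used to protect against replay attacks at the application layer" followed only by "proxy_set_header Early-Data $ssl_early_data;" reads as if setting the header is the protection. The header only tells the proxied server that the request arrived in early data; one more sentence should say that the proxied application has to check Early-Data and decide whether to process the request before the handshake completes. The replay link also pins draft-ietf-httpbis-replay-04, a versioned draft URL that will go stale when the draft is revised.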