Mercurial > hg > nginx-site

view xml/en/docs/http/ngx_http_ssl_module.xml @ 2068:3d9e7993c201

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Added links to directives in the example of ssl modules.
author Yaroslav Zhuravlev <yar@nginx.com>
date Mon, 23 Oct 2017 14:48:21 +0300
parents 093855e77388
children aa5d65fe4916
line wrap: on
line source

<?xml version="1.0"?>

<!--
  Copyright (C) Igor Sysoev
  Copyright (C) Nginx, Inc.
  -->

<!DOCTYPE module SYSTEM "../../../../dtd/module.dtd">

<module name="Module ngx_http_ssl_module"
        link="/en/docs/http/ngx_http_ssl_module.html"
        lang="en"
        rev="37">

<section id="summary">

<para>
The <literal>ngx_http_ssl_module</literal> module provides the
necessary support for HTTPS.
</para>

<para>
This module is not built by default, it should be enabled with the
<literal>--with-http_ssl_module</literal>
configuration parameter.
<note>
This module requires the
<link url="http://www.openssl.org">OpenSSL</link> library.
</note>
</para>

</section>


<section id="example" name="Example Configuration">

<para>
To reduce the processor load it is recommended to
<list type="bullet">

<listitem>
set the number of
<link doc="../ngx_core_module.xml" id="worker_processes">worker processes</link>
equal to the number of processors,
</listitem>

<listitem>
enable
<link doc="ngx_http_core_module.xml" id="keepalive_timeout">keep-alive</link>
connections,
</listitem>

<listitem>
enable the <link id="ssl_session_cache_shared">shared</link> session cache,
</listitem>

<listitem>
disable the <link id="ssl_session_cache_builtin">built-in</link> session cache,
</listitem>

<listitem>
and possibly increase the session <link id="ssl_session_timeout">lifetime</link>
(by default, 5 minutes):
</listitem>

</list>

<example>
<emphasis>worker_processes auto;</emphasis>

http {

    ...

    server {
        listen              443 ssl;
        <emphasis>keepalive_timeout   70;</emphasis>

        ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers         AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
        ssl_certificate     /usr/local/nginx/conf/cert.pem;
        ssl_certificate_key /usr/local/nginx/conf/cert.key;
        <emphasis>ssl_session_cache   shared:SSL:10m;</emphasis>
        <emphasis>ssl_session_timeout 10m;</emphasis>

        ...
    }
</example>
</para>

</section>


<section id="directives" name="Directives">

<directive name="ssl">
<syntax><literal>on</literal> | <literal>off</literal></syntax>
<default>off</default>
<context>http</context>
<context>server</context>

<para>
Enables the HTTPS protocol for the given virtual server.
<note>
It is recommended to use the <literal>ssl</literal> parameter of the
<link doc="ngx_http_core_module.xml" id="listen"/> directive instead
of this directive.
</note>
</para>

</directive>


<directive name="ssl_buffer_size">
<syntax><value>size</value></syntax>
<default>16k</default>
<context>http</context>
<context>server</context>
<appeared-in>1.5.9</appeared-in>

<para>
Sets the size of the buffer used for sending data.
</para>

<para>
By default, the buffer size is 16k, which corresponds to minimal
overhead when sending big responses.
To minimize Time To First Byte it may be beneficial to use smaller values,
for example:
<example>
ssl_buffer_size 4k;
</example>
</para>

</directive>


<directive name="ssl_certificate">
<syntax><value>file</value></syntax>
<default/>
<context>http</context>
<context>server</context>

<para>
Specifies a <value>file</value> with the certificate in the PEM format
for the given virtual server.
If intermediate certificates should be specified in addition to a primary
certificate, they should be specified in the same file in the following
order: the primary certificate comes first, then the intermediate certificates.
A secret key in the PEM format may be placed in the same file.
</para>

<para>
Since version 1.11.0,
this directive can be specified multiple times
to load certificates of different types, for example, RSA and ECDSA:
<example>
server {
    listen              443 ssl;
    server_name         example.com;

    ssl_certificate     example.com.rsa.crt;
    ssl_certificate_key example.com.rsa.key;

    ssl_certificate     example.com.ecdsa.crt;
    ssl_certificate_key example.com.ecdsa.key;

    ...
}
</example>
<note>
Only OpenSSL 1.0.2 or higher supports separate
<link doc="configuring_https_servers.xml" id="chains">certificate chains</link>
for different certificates.
With older versions, only one certificate chain can be used.
</note>
</para>

<para>
It should be kept in mind that due to the HTTPS protocol limitations
for maximum interoperability virtual servers should listen on
<link doc="configuring_https_servers.xml" id="name_based_https_servers">different
IP addresses</link>.
</para>

</directive>


<directive name="ssl_certificate_key">
<syntax><value>file</value></syntax>
<default/>
<context>http</context>
<context>server</context>

<para>
Specifies a <value>file</value> with the secret key in the PEM format
for the given virtual server.
</para>

<para>
The value
<literal>engine</literal>:<value>name</value>:<value>id</value>
can be specified instead of the <value>file</value> (1.7.9),
which loads a secret key with a specified <value>id</value>
from the OpenSSL engine <value>name</value>.
</para>

</directive>


<directive name="ssl_ciphers">
<syntax><value>ciphers</value></syntax>
<default>HIGH:!aNULL:!MD5</default>
<context>http</context>
<context>server</context>

<para>
Specifies the enabled ciphers.
The ciphers are specified in the format understood by the
OpenSSL library, for example:
<example>
ssl_ciphers ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
</example>
</para>

<para>
The full list can be viewed using the
“<command>openssl ciphers</command>” command.
</para>

<para>
<note>
The previous versions of nginx used
<link doc="configuring_https_servers.xml" id="compatibility">different</link>
ciphers by default.
</note>
</para>

</directive>


<directive name="ssl_client_certificate">
<syntax><value>file</value></syntax>
<default/>
<context>http</context>
<context>server</context>

<para>
Specifies a <value>file</value> with trusted CA certificates in the PEM format
used to <link id="ssl_verify_client">verify</link> client certificates and
OCSP responses if <link id="ssl_stapling"/> is enabled.
</para>

<para>
The list of certificates will be sent to clients.
If this is not desired, the <link id="ssl_trusted_certificate"/>
directive can be used.
</para>

</directive>


<directive name="ssl_crl">
<syntax><value>file</value></syntax>
<default/>
<context>http</context>
<context>server</context>
<appeared-in>0.8.7</appeared-in>

<para>
Specifies a <value>file</value> with revoked certificates (CRL)
in the PEM format used to <link id="ssl_verify_client">verify</link>
client certificates.
</para>

</directive>


<directive name="ssl_dhparam">
<syntax><value>file</value></syntax>
<default/>
<context>http</context>
<context>server</context>
<appeared-in>0.7.2</appeared-in>

<para>
Specifies a <value>file</value> with DH parameters for DHE ciphers.
</para>

</directive>


<directive name="ssl_ecdh_curve">
<syntax><value>curve</value></syntax>
<default>auto</default>
<context>http</context>
<context>server</context>
<appeared-in>1.1.0</appeared-in>
<appeared-in>1.0.6</appeared-in>

<para>
Specifies a <value>curve</value> for ECDHE ciphers.
</para>

<para>
When using OpenSSL 1.0.2 or higher,
it is possible to specify multiple curves (1.11.0), for example:
<example>
ssl_ecdh_curve prime256v1:secp384r1;
</example>
</para>

<para>
The special value <literal>auto</literal> (1.11.0) instructs nginx to use
a list built into the OpenSSL library when using OpenSSL 1.0.2 or higher,
or <literal>prime256v1</literal> with older versions.
</para>

<para>
<note>
Prior to version 1.11.0,
the <literal>prime256v1</literal> curve was used by default.
</note>
</para>

</directive>


<directive name="ssl_password_file">
<syntax><value>file</value></syntax>
<default/>
<context>http</context>
<context>server</context>
<appeared-in>1.7.3</appeared-in>

<para>
Specifies a <value>file</value> with passphrases for
<link id="ssl_certificate_key">secret keys</link>
where each passphrase is specified on a separate line.
Passphrases are tried in turn when loading the key.
</para>

<para>
Example:
<example>
http {
    ssl_password_file /etc/keys/global.pass;
    ...

    server {
        server_name www1.example.com;
        ssl_certificate_key /etc/keys/first.key;
    }

    server {
        server_name www2.example.com;

        # named pipe can also be used instead of a file
        ssl_password_file /etc/keys/fifo;
        ssl_certificate_key /etc/keys/second.key;
    }
}
</example>
</para>

</directive>


<directive name="ssl_prefer_server_ciphers">
<syntax><literal>on</literal> | <literal>off</literal></syntax>
<default>off</default>
<context>http</context>
<context>server</context>

<para>
Specifies that server ciphers should be preferred over client
ciphers when using the SSLv3 and TLS protocols.
</para>

</directive>


<directive name="ssl_protocols">
<syntax>
    [<literal>SSLv2</literal>]
    [<literal>SSLv3</literal>]
    [<literal>TLSv1</literal>]
    [<literal>TLSv1.1</literal>]
    [<literal>TLSv1.2</literal>]
    [<literal>TLSv1.3</literal>]</syntax>
<default>TLSv1 TLSv1.1 TLSv1.2</default>
<context>http</context>
<context>server</context>

<para>
Enables the specified protocols.
<note>
The <literal>TLSv1.1</literal> and <literal>TLSv1.2</literal> parameters
(1.1.13, 1.0.12) work only when OpenSSL 1.0.1 or higher is used.
</note>
<note>
The <literal>TLSv1.3</literal> parameter (1.13.0) works only when
OpenSSL 1.1.1 built with TLSv1.3 support is used.
</note>
</para>

</directive>


<directive name="ssl_session_cache">
<syntax>
    <literal>off</literal> |
    <literal>none</literal> |
    [<literal>builtin</literal>[:<value>size</value>]]
    [<literal>shared</literal>:<value>name</value>:<value>size</value>]</syntax>
<default>none</default>
<context>http</context>
<context>server</context>

<para>
Sets the types and sizes of caches that store session parameters.
A cache can be of any of the following types:
<list type="tag">

<tag-name><literal>off</literal></tag-name>
<tag-desc>
the use of a session cache is strictly prohibited:
nginx explicitly tells a client that sessions may not be reused.
</tag-desc>

<tag-name><literal>none</literal></tag-name>
<tag-desc>
the use of a session cache is gently disallowed:
nginx tells a client that sessions may be reused, but does not
actually store session parameters in the cache.
</tag-desc>

<tag-name id="ssl_session_cache_builtin"><literal>builtin</literal></tag-name>
<tag-desc>
a cache built in OpenSSL; used by one worker process only.
The cache size is specified in sessions.
If size is not given, it is equal to 20480 sessions.
Use of the built-in cache can cause memory fragmentation.
</tag-desc>

<tag-name id="ssl_session_cache_shared"><literal>shared</literal></tag-name>
<tag-desc>
a cache shared between all worker processes.
The cache size is specified in bytes; one megabyte can store
about 4000 sessions.
Each shared cache should have an arbitrary name.
A cache with the same name can be used in several virtual servers.
</tag-desc>

</list>
</para>

<para>
Both cache types can be used simultaneously, for example:
<example>
ssl_session_cache builtin:1000 shared:SSL:10m;
</example>
but using only shared cache without the built-in cache should
be more efficient.
</para>

</directive>


<directive name="ssl_session_ticket_key">
<syntax><value>file</value></syntax>
<default/>
<context>http</context>
<context>server</context>
<appeared-in>1.5.7</appeared-in>

<para>
Sets a <value>file</value> with the secret key used to encrypt
and decrypt TLS session tickets.
The directive is necessary if the same key has to be shared between
multiple servers.
By default, a randomly generated key is used.
</para>

<para>
If several keys are specified, only the first key is
used to encrypt TLS session tickets.
This allows configuring key rotation, for example:
<example>
ssl_session_ticket_key current.key;
ssl_session_ticket_key previous.key;
</example>
</para>

<para>
The <value>file</value> must contain 80 or 48 bytes
of random data and can be created using the following command:
<example>
openssl rand 80 > ticket.key
</example>
Depending on the file size either AES256 (for 80-byte keys, 1.11.8)
or AES128 (for 48-byte keys) is used for encryption.
</para>

</directive>


<directive name="ssl_session_tickets">
<syntax><literal>on</literal> | <literal>off</literal></syntax>
<default>on</default>
<context>http</context>
<context>server</context>
<appeared-in>1.5.9</appeared-in>

<para>
Enables or disables session resumption through
<link url="https://tools.ietf.org/html/rfc5077">TLS session tickets</link>.
</para>

</directive>


<directive name="ssl_session_timeout">
<syntax><value>time</value></syntax>
<default>5m</default>
<context>http</context>
<context>server</context>

<para>
Specifies a time during which a client may reuse the
session parameters.
</para>

</directive>


<directive name="ssl_stapling">
<syntax><literal>on</literal> | <literal>off</literal></syntax>
<default>off</default>
<context>http</context>
<context>server</context>
<appeared-in>1.3.7</appeared-in>

<para>
Enables or disables
<link url="https://tools.ietf.org/html/rfc4366#section-3.6">stapling
of OCSP responses</link> by the server.
Example:
<example>
ssl_stapling on;
resolver 192.0.2.1;
</example>
</para>

<para>
For the OCSP stapling to work, the certificate of the server certificate
issuer should be known.
If the <link id="ssl_certificate"/> file does
not contain intermediate certificates,
the certificate of the server certificate issuer should be
present in the
<link id="ssl_trusted_certificate"/> file.
</para>

<para>
For a resolution of the OCSP responder hostname,
the <link doc="ngx_http_core_module.xml" id="resolver"/> directive
should also be specified.
</para>

</directive>


<directive name="ssl_stapling_file">
<syntax><value>file</value></syntax>
<default/>
<context>http</context>
<context>server</context>
<appeared-in>1.3.7</appeared-in>

<para>
When set, the stapled OCSP response will be taken from the
specified <value>file</value> instead of querying
the OCSP responder specified in the server certificate.
</para>

<para>
The file should be in the DER format as produced by the
“<literal>openssl ocsp</literal>” command.
</para>

</directive>


<directive name="ssl_stapling_responder">
<syntax><value>url</value></syntax>
<default/>
<context>http</context>
<context>server</context>
<appeared-in>1.3.7</appeared-in>

<para>
Overrides the URL of the OCSP responder specified in the
“<link url="https://tools.ietf.org/html/rfc5280#section-4.2.2.1">Authority
Information Access</link>” certificate extension.
</para>

<para>
Only “<literal>http://</literal>” OCSP responders are supported:
<example>
ssl_stapling_responder http://ocsp.example.com/;
</example>
</para>

</directive>


<directive name="ssl_stapling_verify">
<syntax><literal>on</literal> | <literal>off</literal></syntax>
<default>off</default>
<context>http</context>
<context>server</context>
<appeared-in>1.3.7</appeared-in>

<para>
Enables or disables verification of OCSP responses by the server.
</para>

<para>
For verification to work, the certificate of the server certificate
issuer, the root certificate, and all intermediate certificates
should be configured as trusted using the
<link id="ssl_trusted_certificate"/> directive.
</para>

</directive>


<directive name="ssl_trusted_certificate">
<syntax><value>file</value></syntax>
<default/>
<context>http</context>
<context>server</context>
<appeared-in>1.3.7</appeared-in>

<para>
Specifies a <value>file</value> with trusted CA certificates in the PEM format
used to <link id="ssl_verify_client">verify</link> client certificates and
OCSP responses if <link id="ssl_stapling"/> is enabled.
</para>

<para>
In contrast to the certificate set by <link id="ssl_client_certificate"/>,
the list of these certificates will not be sent to clients.
</para>

</directive>


<directive name="ssl_verify_client">
<syntax>
    <literal>on</literal> | <literal>off</literal> |
    <literal>optional</literal> | <literal>optional_no_ca</literal></syntax>
<default>off</default>
<context>http</context>
<context>server</context>

<para>
Enables verification of client certificates.
The verification result is stored in the
<link id="var_ssl_client_verify">$ssl_client_verify</link> variable.
</para>

<para>
The <literal>optional</literal> parameter (0.8.7+) requests the client
certificate and verifies it if the certificate is present.
</para>

<para>
The <literal>optional_no_ca</literal> parameter (1.3.8, 1.2.5)
requests the client
certificate but does not require it to be signed by a trusted CA certificate.
This is intended for the use in cases when a service that is external to nginx
performs the actual certificate verification.
The contents of the certificate is accessible through the
<link id="var_ssl_client_cert">$ssl_client_cert</link> variable.
</para>

</directive>


<directive name="ssl_verify_depth">
<syntax><value>number</value></syntax>
<default>1</default>
<context>http</context>
<context>server</context>

<para>
Sets the verification depth in the client certificates chain.
</para>

</directive>

</section>


<section id="errors" name="Error Processing">

<para>
The <literal>ngx_http_ssl_module</literal> module supports several
non-standard error codes that can be used for redirects using the
<link doc="ngx_http_core_module.xml" id="error_page"/> directive:
<list type="tag">

<tag-name>495</tag-name>
<tag-desc>
an error has occurred during the client certificate verification;
</tag-desc>

<tag-name>496</tag-name>
<tag-desc>
a client has not presented the required certificate;
</tag-desc>

<tag-name>497</tag-name>
<tag-desc>
a regular request has been sent to the HTTPS port.
</tag-desc>

</list>
</para>

<para>
The redirection happens after the request is fully parsed and
the variables, such as <var>$request_uri</var>,
<var>$uri</var>, <var>$args</var> and others, are available.
</para>

</section>


<section id="variables" name="Embedded Variables">

<para>
The <literal>ngx_http_ssl_module</literal> module supports
several embedded variables:
<list type="tag">

<tag-name id="var_ssl_cipher"><var>$ssl_cipher</var></tag-name>
<tag-desc>
returns the string of ciphers used
for an established SSL connection;
</tag-desc>

<tag-name id="var_ssl_ciphers"><var>$ssl_ciphers</var></tag-name>
<tag-desc>
returns the list of ciphers supported by the client (1.11.7).
Known ciphers are listed by names, unknown are shown in hexadecimal,
for example:
<example>
AES128-SHA:AES256-SHA:0x00ff
</example>
<note>
The variable is fully supported only when using OpenSSL version 1.0.2 or higher.
With older versions, the variable is available
only for new sessions and lists only known ciphers.
</note>
</tag-desc>

<tag-name id="var_ssl_client_escaped_cert"><var>$ssl_client_escaped_cert</var></tag-name>
<tag-desc>
returns the client certificate in the PEM format (urlencoded)
for an established SSL connection (1.13.5);
</tag-desc>

<tag-name id="var_ssl_client_cert"><var>$ssl_client_cert</var></tag-name>
<tag-desc>
returns the client certificate in the PEM format
for an established SSL connection, with each line except the first
prepended with the tab character;
this is intended for the use in the
<link doc="ngx_http_proxy_module.xml" id="proxy_set_header"/> directive;
<note>
The variable is deprecated,
the <var>$ssl_client_escaped_cert</var> variable should be used instead.
</note>
</tag-desc>

<tag-name id="var_ssl_client_fingerprint"><var>$ssl_client_fingerprint</var></tag-name>
<tag-desc>
returns the SHA1 fingerprint of the client certificate
for an established SSL connection (1.7.1);
</tag-desc>

<tag-name id="var_ssl_client_i_dn"><var>$ssl_client_i_dn</var></tag-name>
<tag-desc>
returns the “issuer DN” string of the client certificate
for an established SSL connection according to
<link url="https://tools.ietf.org/html/rfc2253">RFC 2253</link> (1.11.6);
</tag-desc>

<tag-name id="var_ssl_client_i_dn_legacy"><var>$ssl_client_i_dn_legacy</var></tag-name>
<tag-desc>
returns the “issuer DN” string of the client certificate
for an established SSL connection;
<note>
Prior to version 1.11.6, the variable name was <var>$ssl_client_i_dn</var>.
</note>
</tag-desc>

<tag-name id="var_ssl_client_raw_cert"><var>$ssl_client_raw_cert</var>
</tag-name>
<tag-desc>
returns the client certificate in the PEM format
for an established SSL connection;
</tag-desc>

<tag-name id="var_ssl_client_s_dn"><var>$ssl_client_s_dn</var></tag-name>
<tag-desc>
returns the “subject DN” string of the client certificate
for an established SSL connection according to
<link url="https://tools.ietf.org/html/rfc2253">RFC 2253</link> (1.11.6);
</tag-desc>

<tag-name id="var_ssl_client_s_dn_legacy"><var>$ssl_client_s_dn_legacy</var></tag-name>
<tag-desc>
returns the “subject DN” string of the client certificate
for an established SSL connection;
<note>
Prior to version 1.11.6, the variable name was <var>$ssl_client_s_dn</var>.
</note>
</tag-desc>

<tag-name id="var_ssl_client_serial"><var>$ssl_client_serial</var></tag-name>
<tag-desc>
returns the serial number of the client certificate
for an established SSL connection;
</tag-desc>

<tag-name id="var_ssl_client_v_end"><var>$ssl_client_v_end</var></tag-name>
<tag-desc>
returns the end date of the client certificate (1.11.7);
</tag-desc>

<tag-name id="var_ssl_client_v_remain"><var>$ssl_client_v_remain</var></tag-name>
<tag-desc>
returns the number of days
until the client certificate expires (1.11.7);
</tag-desc>

<tag-name id="var_ssl_client_v_start"><var>$ssl_client_v_start</var></tag-name>
<tag-desc>
returns the start date of the client certificate (1.11.7);
</tag-desc>

<tag-name id="var_ssl_client_verify"><var>$ssl_client_verify</var></tag-name>
<tag-desc>
returns the result of client certificate verification:
“<literal>SUCCESS</literal>”, “<literal>FAILED:</literal><value>reason</value>”,
and “<literal>NONE</literal>” if a certificate was not present;
<note>
Prior to version 1.11.7, the “<literal>FAILED</literal>” result
did not contain the <value>reason</value> string.
</note>
</tag-desc>

<tag-name id="var_ssl_curves"><var>$ssl_curves</var></tag-name>
<tag-desc>
returns the list of curves supported by the client (1.11.7).
Known curves are listed by names, unknown are shown in hexadecimal,
for example:
<example>
0x001d:prime256v1:secp521r1:secp384r1
</example>
<note>
The variable is supported only when using OpenSSL version 1.0.2 or higher.
With older versions, the variable value will be an empty string.
</note>
<note>
The variable is available only for new sessions.
</note>
</tag-desc>

<tag-name id="var_ssl_protocol"><var>$ssl_protocol</var></tag-name>
<tag-desc>
returns the protocol of an established SSL connection;
</tag-desc>

<tag-name id="var_ssl_server_name"><var>$ssl_server_name</var></tag-name>
<tag-desc>
returns the server name requested through
<link url="http://en.wikipedia.org/wiki/Server_Name_Indication">SNI</link>
(1.7.0);
</tag-desc>

<tag-name id="var_ssl_session_id"><var>$ssl_session_id</var></tag-name>
<tag-desc>
returns the session identifier of an established SSL connection;
</tag-desc>

<tag-name id="var_ssl_session_reused"><var>$ssl_session_reused</var></tag-name>
<tag-desc>
returns “<literal>r</literal>” if an SSL session was reused,
or “<literal>.</literal>” otherwise (1.5.11).
</tag-desc>

</list>
</para>

</section>

</module>