changeset 1978:8f1a568a8bbf

Documented "TLSv1.3" parameter of the "ssl_protocols" directive. While here, cleaned up a note about using OpenSSL on older nginx versions.
author Sergey Kandaurov <pluknet@nginx.com>
date Tue, 25 Apr 2017 18:17:41 +0300
parents 57a1ef2902bf
children ff28ca78bef3
files xml/en/docs/http/ngx_http_proxy_module.xml xml/en/docs/http/ngx_http_ssl_module.xml xml/en/docs/http/ngx_http_uwsgi_module.xml xml/en/docs/mail/ngx_mail_ssl_module.xml xml/en/docs/stream/ngx_stream_proxy_module.xml xml/en/docs/stream/ngx_stream_ssl_module.xml xml/ru/docs/http/ngx_http_proxy_module.xml xml/ru/docs/http/ngx_http_ssl_module.xml xml/ru/docs/http/ngx_http_uwsgi_module.xml xml/ru/docs/mail/ngx_mail_ssl_module.xml xml/ru/docs/stream/ngx_stream_proxy_module.xml xml/ru/docs/stream/ngx_stream_ssl_module.xml
diffstat 12 files changed, 75 insertions(+), 55 deletions(-) [+]
--- a/xml/en/docs/http/ngx_http_proxy_module.xml
+++ b/xml/en/docs/http/ngx_http_proxy_module.xml
@@ -10,7 +10,7 @@
 <module name="Module ngx_http_proxy_module"
         link="/en/docs/http/ngx_http_proxy_module.html"
         lang="en"
-        rev="60">
+        rev="61">
 
 <section id="summary">
 
@@ -1990,7 +1990,8 @@ appear in the logs, try disabling sessio
     [<literal>SSLv3</literal>]
     [<literal>TLSv1</literal>]
     [<literal>TLSv1.1</literal>]
-    [<literal>TLSv1.2</literal>]</syntax>
+    [<literal>TLSv1.2</literal>]
+    [<literal>TLSv1.3</literal>]</syntax>
 <default>TLSv1 TLSv1.1 TLSv1.2</default>
 <context>http</context>
 <context>server</context>
--- a/xml/en/docs/http/ngx_http_ssl_module.xml
+++ b/xml/en/docs/http/ngx_http_ssl_module.xml
@@ -10,7 +10,7 @@
 <module name="Module ngx_http_ssl_module"
         link="/en/docs/http/ngx_http_ssl_module.html"
         lang="en"
-        rev="33">
+        rev="34">
 
 <section id="summary">
 
@@ -398,21 +398,21 @@ ciphers when using the SSLv3 and TLS pro
     [<literal>SSLv3</literal>]
     [<literal>TLSv1</literal>]
     [<literal>TLSv1.1</literal>]
-    [<literal>TLSv1.2</literal>]</syntax>
+    [<literal>TLSv1.2</literal>]
+    [<literal>TLSv1.3</literal>]</syntax>
 <default>TLSv1 TLSv1.1 TLSv1.2</default>
 <context>http</context>
 <context>server</context>
 
 <para>
 Enables the specified protocols.
-The <literal>TLSv1.1</literal> and <literal>TLSv1.2</literal> parameters work
-only when the OpenSSL library of version 1.0.1 or higher is used.
 <note>
-The <literal>TLSv1.1</literal> and <literal>TLSv1.2</literal> parameters are
-supported starting from versions 1.1.13 and 1.0.12,
-so when the OpenSSL version 1.0.1 or higher
-is used on older nginx versions, these protocols work, but cannot
-be disabled.
+The <literal>TLSv1.1</literal> and <literal>TLSv1.2</literal> parameters
+(1.1.13, 1.0.12) work only when OpenSSL 1.0.1 or higher is used.
+</note>
+<note>
+The <literal>TLSv1.3</literal> parameter (1.13.0) works only when
+OpenSSL 1.1.1 built with TLSv1.3 support is used.
 </note>
 </para>
 
--- a/xml/en/docs/http/ngx_http_uwsgi_module.xml
+++ b/xml/en/docs/http/ngx_http_uwsgi_module.xml
@@ -10,7 +10,7 @@
 <module name="Module ngx_http_uwsgi_module"
         link="/en/docs/http/ngx_http_uwsgi_module.html"
         lang="en"
-        rev="38">
+        rev="39">
 
 <section id="summary">
 
@@ -1456,7 +1456,8 @@ Passphrases are tried in turn when loadi
     [<literal>SSLv3</literal>]
     [<literal>TLSv1</literal>]
     [<literal>TLSv1.1</literal>]
-    [<literal>TLSv1.2</literal>]</syntax>
+    [<literal>TLSv1.2</literal>]
+    [<literal>TLSv1.3</literal>]</syntax>
 <default>TLSv1 TLSv1.1 TLSv1.2</default>
 <context>http</context>
 <context>server</context>
--- a/xml/en/docs/mail/ngx_mail_ssl_module.xml
+++ b/xml/en/docs/mail/ngx_mail_ssl_module.xml
@@ -10,7 +10,7 @@
 <module name="Module ngx_mail_ssl_module"
         link="/en/docs/mail/ngx_mail_ssl_module.html"
         lang="en"
-        rev="15">
+        rev="16">
 
 <section id="summary">
 
@@ -338,21 +338,21 @@ when the SSLv3 and TLS protocols are use
     [<literal>SSLv3</literal>]
     [<literal>TLSv1</literal>]
     [<literal>TLSv1.1</literal>]
-    [<literal>TLSv1.2</literal>]</syntax>
+    [<literal>TLSv1.2</literal>]
+    [<literal>TLSv1.3</literal>]</syntax>
 <default>TLSv1 TLSv1.1 TLSv1.2</default>
 <context>mail</context>
 <context>server</context>
 
 <para>
 Enables the specified protocols.
-The <literal>TLSv1.1</literal> and <literal>TLSv1.2</literal> parameters work
-only when the OpenSSL library of version 1.0.1 or higher is used.
 <note>
-The <literal>TLSv1.1</literal> and <literal>TLSv1.2</literal> parameters are
-supported starting from versions 1.1.13 and 1.0.12
-so when the OpenSSL version 1.0.1 or higher
-is used on older nginx versions, these protocols work, but cannot
-be disabled.
+The <literal>TLSv1.1</literal> and <literal>TLSv1.2</literal> parameters
+(1.1.13, 1.0.12) work only when OpenSSL 1.0.1 or higher is used.
+</note>
+<note>
+The <literal>TLSv1.3</literal> parameter (1.13.0) works only when
+OpenSSL 1.1.1 built with TLSv1.3 support is used.
 </note>
 </para>
 
--- a/xml/en/docs/stream/ngx_stream_proxy_module.xml
+++ b/xml/en/docs/stream/ngx_stream_proxy_module.xml
@@ -9,7 +9,7 @@
 <module name="Module ngx_stream_proxy_module"
         link="/en/docs/stream/ngx_stream_proxy_module.html"
         lang="en"
-        rev="17">
+        rev="18">
 
 <section id="summary">
 
@@ -420,7 +420,8 @@ appear in the logs, try disabling sessio
     [<literal>SSLv3</literal>]
     [<literal>TLSv1</literal>]
     [<literal>TLSv1.1</literal>]
-    [<literal>TLSv1.2</literal>]</syntax>
+    [<literal>TLSv1.2</literal>]
+    [<literal>TLSv1.3</literal>]</syntax>
 <default>TLSv1 TLSv1.1 TLSv1.2</default>
 <context>stream</context>
 <context>server</context>
--- a/xml/en/docs/stream/ngx_stream_ssl_module.xml
+++ b/xml/en/docs/stream/ngx_stream_ssl_module.xml
@@ -9,7 +9,7 @@
 <module name="Module ngx_stream_ssl_module"
         link="/en/docs/stream/ngx_stream_ssl_module.html"
         lang="en"
-        rev="16">
+        rev="17">
 
 <section id="summary">
 
@@ -319,15 +319,22 @@ when the SSLv3 and TLS protocols are use
     [<literal>SSLv3</literal>]
     [<literal>TLSv1</literal>]
     [<literal>TLSv1.1</literal>]
-    [<literal>TLSv1.2</literal>]</syntax>
+    [<literal>TLSv1.2</literal>]
+    [<literal>TLSv1.3</literal>]</syntax>
 <default>TLSv1 TLSv1.1 TLSv1.2</default>
 <context>stream</context>
 <context>server</context>
 
 <para>
 Enables the specified protocols.
+<note>
 The <literal>TLSv1.1</literal> and <literal>TLSv1.2</literal> parameters work
-only when the OpenSSL library of version 1.0.1 or higher is used.
+only when OpenSSL 1.0.1 or higher is used.
+</note>
+<note>
+The <literal>TLSv1.3</literal> parameter (1.13.0) works only when
+OpenSSL 1.1.1 built with TLSv1.3 support is used.
+</note>
 </para>
 
 </directive>
--- a/xml/ru/docs/http/ngx_http_proxy_module.xml
+++ b/xml/ru/docs/http/ngx_http_proxy_module.xml
@@ -10,7 +10,7 @@
 <module name="Модуль ngx_http_proxy_module"
         link="/ru/docs/http/ngx_http_proxy_module.html"
         lang="ru"
-        rev="60">
+        rev="61">
 
 <section id="summary">
 
@@ -1992,7 +1992,8 @@ Server Name Indication протокола TLS</link> (SNI, RFC 6066)
     [<literal>SSLv3</literal>]
     [<literal>TLSv1</literal>]
     [<literal>TLSv1.1</literal>]
-    [<literal>TLSv1.2</literal>]</syntax>
+    [<literal>TLSv1.2</literal>]
+    [<literal>TLSv1.3</literal>]</syntax>
 <default>TLSv1 TLSv1.1 TLSv1.2</default>
 <context>http</context>
 <context>server</context>
--- a/xml/ru/docs/http/ngx_http_ssl_module.xml
+++ b/xml/ru/docs/http/ngx_http_ssl_module.xml
@@ -10,7 +10,7 @@
 <module name="Модуль ngx_http_ssl_module"
         link="/ru/docs/http/ngx_http_ssl_module.html"
         lang="ru"
-        rev="33">
+        rev="34">
 
 <section id="summary">
 
@@ -399,21 +399,21 @@ http {
     [<literal>SSLv3</literal>]
     [<literal>TLSv1</literal>]
     [<literal>TLSv1.1</literal>]
-    [<literal>TLSv1.2</literal>]</syntax>
+    [<literal>TLSv1.2</literal>]
+    [<literal>TLSv1.3</literal>]</syntax>
 <default>TLSv1 TLSv1.1 TLSv1.2</default>
 <context>http</context>
 <context>server</context>
 
 <para>
 Разрешает указанные протоколы.
-Параметры <literal>TLSv1.1</literal> и <literal>TLSv1.2</literal> работают
-только при использовании библиотеки OpenSSL версии 1.0.1 и выше.
 <note>
-Параметры <literal>TLSv1.1</literal> и <literal>TLSv1.2</literal> поддерживаются
-только начиная с версий 1.1.13 и 1.0.12,
-поэтому при использовании OpenSSL версии 1.0.1
-и выше на старых версиях nginx эти протоколы работать будут, однако их нельзя
-будет отключить.
+Параметры <literal>TLSv1.1</literal> и <literal>TLSv1.2</literal>
+(1.1.13, 1.0.12) работают только при использовании OpenSSL 1.0.1 и выше.
+</note>
+<note>
+Параметр <literal>TLSv1.3</literal> (1.13.0) работает только
+при использовании OpenSSL 1.1.1, собранной с поддержкой TLSv1.3.
 </note>
 </para>
 
--- a/xml/ru/docs/http/ngx_http_uwsgi_module.xml
+++ b/xml/ru/docs/http/ngx_http_uwsgi_module.xml
@@ -10,7 +10,7 @@
 <module name="Модуль ngx_http_uwsgi_module"
         link="/ru/docs/http/ngx_http_uwsgi_module.html"
         lang="ru"
-        rev="38">
+        rev="39">
 
 <section id="summary">
 
@@ -1449,7 +1449,8 @@ uwsgi-сервер.
     [<literal>SSLv3</literal>]
     [<literal>TLSv1</literal>]
     [<literal>TLSv1.1</literal>]
-    [<literal>TLSv1.2</literal>]</syntax>
+    [<literal>TLSv1.2</literal>]
+    [<literal>TLSv1.3</literal>]</syntax>
 <default>TLSv1 TLSv1.1 TLSv1.2</default>
 <context>http</context>
 <context>server</context>
--- a/xml/ru/docs/mail/ngx_mail_ssl_module.xml
+++ b/xml/ru/docs/mail/ngx_mail_ssl_module.xml
@@ -10,7 +10,7 @@
 <module name="Модуль ngx_mail_ssl_module"
         link="/ru/docs/mail/ngx_mail_ssl_module.html"
         lang="ru"
-        rev="15">
+        rev="16">
 
 <section id="summary">
 
@@ -338,21 +338,21 @@ mail {
     [<literal>SSLv3</literal>]
     [<literal>TLSv1</literal>]
     [<literal>TLSv1.1</literal>]
-    [<literal>TLSv1.2</literal>]</syntax>
+    [<literal>TLSv1.2</literal>]
+    [<literal>TLSv1.3</literal>]</syntax>
 <default>TLSv1 TLSv1.1 TLSv1.2</default>
 <context>mail</context>
 <context>server</context>
 
 <para>
 Разрешает указанные протоколы.
-Параметры <literal>TLSv1.1</literal> и <literal>TLSv1.2</literal> работают
-только при использовании библиотеки OpenSSL версии 1.0.1 и выше.
 <note>
-Параметры <literal>TLSv1.1</literal> и <literal>TLSv1.2</literal> поддерживаются
-только начиная с версий 1.1.13 и 1.0.12,
-поэтому при использовании OpenSSL версии 1.0.1
-и выше на старых версиях nginx эти протоколы работать будут, однако их нельзя
-будет отключить.
+Параметры <literal>TLSv1.1</literal> и <literal>TLSv1.2</literal>
+(1.1.13, 1.0.12) работают только при использовании OpenSSL 1.0.1 и выше.
+</note>
+<note>
+Параметр <literal>TLSv1.3</literal> (1.13.0) работает только
+при использовании OpenSSL 1.1.1, собранной с поддержкой TLSv1.3.
 </note>
 </para>
 
--- a/xml/ru/docs/stream/ngx_stream_proxy_module.xml
+++ b/xml/ru/docs/stream/ngx_stream_proxy_module.xml
@@ -9,7 +9,7 @@
 <module name="Модуль ngx_stream_proxy_module"
         link="/ru/docs/stream/ngx_stream_proxy_module.html"
         lang="ru"
-        rev="17">
+        rev="18">
 
 <section id="summary">
 
@@ -423,7 +423,8 @@ Server Name Indication протокола TLS</link> (SNI, RFC 6066)
     [<literal>SSLv3</literal>]
     [<literal>TLSv1</literal>]
     [<literal>TLSv1.1</literal>]
-    [<literal>TLSv1.2</literal>]</syntax>
+    [<literal>TLSv1.2</literal>]
+    [<literal>TLSv1.3</literal>]</syntax>
 <default>TLSv1 TLSv1.1 TLSv1.2</default>
 <context>stream</context>
 <context>server</context>
--- a/xml/ru/docs/stream/ngx_stream_ssl_module.xml
+++ b/xml/ru/docs/stream/ngx_stream_ssl_module.xml
@@ -9,7 +9,7 @@
 <module name="Модуль ngx_stream_ssl_module"
         link="/ru/docs/stream/ngx_stream_ssl_module.html"
         lang="ru"
-        rev="16">
+        rev="17">
 
 <section id="summary">
 
@@ -319,15 +319,22 @@ stream {
     [<literal>SSLv3</literal>]
     [<literal>TLSv1</literal>]
     [<literal>TLSv1.1</literal>]
-    [<literal>TLSv1.2</literal>]</syntax>
+    [<literal>TLSv1.2</literal>]
+    [<literal>TLSv1.3</literal>]</syntax>
 <default>TLSv1 TLSv1.1 TLSv1.2</default>
 <context>stream</context>
 <context>server</context>
 
 <para>
 Разрешает указанные протоколы.
-Параметры <literal>TLSv1.1</literal> и <literal>TLSv1.2</literal> работают
-только при использовании библиотеки OpenSSL версии 1.0.1 и выше.
+<note>
+Параметры <literal>TLSv1.1</literal> и <literal>TLSv1.2</literal>
+работают только при использовании OpenSSL 1.0.1 и выше.
+</note>
+<note>
+Параметр <literal>TLSv1.3</literal> (1.13.0) работает только
+при использовании OpenSSL 1.1.1, собранной с поддержкой TLSv1.3.
+</note>
 </para>
 
 </directive>