Mercurial > hg > nginx-site
annotate xml/en/docs/mail/ngx_mail_ssl_module.xml @ 1508:ab9e4d5b9ee1
Donor added.
author | Maxim Konovalov <maxim@nginx.com> |
---|---|
date | Sun, 14 Jun 2015 09:18:49 +0000 |
parents | 3687cc9a3592 |
children | e3d3e2ed4275 |
rev | line source |
---|---|
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1 <?xml version="1.0"?> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
2 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
3 <!-- |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
4 Copyright (C) 2006, 2007 Anton Yuzhaninov |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
5 Copyright (C) Nginx, Inc. |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
6 --> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
7 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
9 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
10 <module name="Module ngx_mail_ssl_module" |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
11 link="/en/docs/mail/ngx_mail_ssl_module.html" |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
12 lang="en" |
1499
3687cc9a3592
Removed SSLv3 from the default value of ssl_protocols and friends.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1456
diff
changeset
|
13 rev="7"> |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
14 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
15 <section id="summary"> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
16 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
17 <para> |
966 | 18 The <literal>ngx_mail_ssl_module</literal> module provides the necessary |
19 support for a mail proxy server to work with the SSL/TLS protocol. | |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
20 </para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
21 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
22 <para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
23 This module is not built by default, it should be enabled with |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
24 the <literal>--with-mail_ssl_module</literal> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
25 configuration parameter. |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
26 <note> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
27 This module requires the <link url="http://www.openssl.org">OpenSSL</link> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
28 library. |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
29 </note> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
30 </para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
31 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
32 </section> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
33 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
34 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
35 <section id="directives" name="Directives"> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
36 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
37 <directive name="ssl"> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
38 <syntax><literal>on</literal> | <literal>off</literal></syntax> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
39 <default>off</default> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
40 <context>mail</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
41 <context>server</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
42 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
43 <para> |
751
9c1ffd02f1b7
Removed "virtual" and HTTPS references from mail modules.
Vladimir Homutov <vl@nginx.com>
parents:
664
diff
changeset
|
44 Enables the SSL/TLS protocol for the given server. |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
45 </para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
46 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
47 </directive> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
48 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
49 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
50 <directive name="ssl_certificate"> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
51 <syntax><value>file</value></syntax> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
52 <default/> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
53 <context>mail</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
54 <context>server</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
55 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
56 <para> |
1456
acba294382d6
Documented engine support in ssl_certificate_key and friends.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1429
diff
changeset
|
57 Specifies a <value>file</value> with the certificate in the PEM format |
acba294382d6
Documented engine support in ssl_certificate_key and friends.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1429
diff
changeset
|
58 for the given server. |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
59 If intermediate certificates should be specified in addition to a primary |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
60 certificate, they should be specified in the same file in the following |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
61 order: the primary certificate comes first, then the intermediate certificates. |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
62 A secret key in the PEM format may be placed in the same file. |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
63 </para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
64 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
65 </directive> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
66 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
67 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
68 <directive name="ssl_certificate_key"> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
69 <syntax><value>file</value></syntax> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
70 <default/> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
71 <context>mail</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
72 <context>server</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
73 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
74 <para> |
1456
acba294382d6
Documented engine support in ssl_certificate_key and friends.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1429
diff
changeset
|
75 Specifies a <value>file</value> with the secret key in the PEM format |
acba294382d6
Documented engine support in ssl_certificate_key and friends.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1429
diff
changeset
|
76 for the given server. |
acba294382d6
Documented engine support in ssl_certificate_key and friends.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1429
diff
changeset
|
77 </para> |
acba294382d6
Documented engine support in ssl_certificate_key and friends.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1429
diff
changeset
|
78 |
acba294382d6
Documented engine support in ssl_certificate_key and friends.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1429
diff
changeset
|
79 <para> |
acba294382d6
Documented engine support in ssl_certificate_key and friends.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1429
diff
changeset
|
80 The value |
acba294382d6
Documented engine support in ssl_certificate_key and friends.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1429
diff
changeset
|
81 <literal>engine</literal>:<value>name</value>:<value>id</value> |
acba294382d6
Documented engine support in ssl_certificate_key and friends.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1429
diff
changeset
|
82 can be specified instead of the <value>file</value> (1.7.9), |
acba294382d6
Documented engine support in ssl_certificate_key and friends.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1429
diff
changeset
|
83 which loads a secret key with a specified <value>id</value> |
acba294382d6
Documented engine support in ssl_certificate_key and friends.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1429
diff
changeset
|
84 from the OpenSSL engine <value>name</value>. |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
85 </para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
86 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
87 </directive> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
88 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
89 |
1266
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
90 <directive name="ssl_ciphers"> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
91 <syntax><value>ciphers</value></syntax> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
92 <default>HIGH:!aNULL:!MD5</default> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
93 <context>mail</context> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
94 <context>server</context> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
95 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
96 <para> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
97 Specifies the enabled ciphers. |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
98 The ciphers are specified in the format understood by the |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
99 OpenSSL library, for example: |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
100 <example> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
101 ssl_ciphers ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
102 </example> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
103 </para> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
104 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
105 <para> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
106 The full list can be viewed using the |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
107 “<command>openssl ciphers</command>” command. |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
108 </para> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
109 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
110 <para> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
111 <note> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
112 The previous versions of nginx used |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
113 <link doc="../http/configuring_https_servers.xml" id="compatibility">different</link> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
114 ciphers by default. |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
115 </note> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
116 </para> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
117 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
118 </directive> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
119 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
120 |
1429
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
121 <directive name="ssl_client_certificate"> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
122 <syntax><value>file</value></syntax> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
123 <default/> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
124 <context>mail</context> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
125 <context>server</context> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
126 <appeared-in>1.7.11</appeared-in> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
127 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
128 <para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
129 Specifies a <value>file</value> with trusted CA certificates in the PEM format |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
130 used to <link id="ssl_verify_client">verify</link> client certificates. |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
131 </para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
132 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
133 <para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
134 The list of certificates will be sent to clients. |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
135 If this is not desired, the <link id="ssl_trusted_certificate"/> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
136 directive can be used. |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
137 </para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
138 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
139 </directive> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
140 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
141 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
142 <directive name="ssl_crl"> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
143 <syntax><value>file</value></syntax> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
144 <default/> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
145 <context>mail</context> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
146 <context>server</context> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
147 <appeared-in>1.7.11</appeared-in> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
148 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
149 <para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
150 Specifies a <value>file</value> with revoked certificates (CRL) |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
151 in the PEM format used to <link id="ssl_verify_client">verify</link> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
152 client certificates. |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
153 </para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
154 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
155 </directive> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
156 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
157 |
1266
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
158 <directive name="ssl_dhparam"> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
159 <syntax><value>file</value></syntax> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
160 <default/> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
161 <context>mail</context> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
162 <context>server</context> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
163 <appeared-in>0.7.2</appeared-in> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
164 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
165 <para> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
166 Specifies a <value>file</value> with DH parameters for EDH ciphers. |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
167 </para> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
168 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
169 </directive> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
170 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
171 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
172 <directive name="ssl_ecdh_curve"> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
173 <syntax><value>curve</value></syntax> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
174 <default>prime256v1</default> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
175 <context>mail</context> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
176 <context>server</context> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
177 <appeared-in>1.1.0</appeared-in> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
178 <appeared-in>1.0.6</appeared-in> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
179 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
180 <para> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
181 Specifies a <value>curve</value> for ECDHE ciphers. |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
182 </para> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
183 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
184 </directive> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
185 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
186 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
187 <directive name="ssl_password_file"> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
188 <syntax><value>file</value></syntax> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
189 <default/> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
190 <context>mail</context> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
191 <context>server</context> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
192 <appeared-in>1.7.3</appeared-in> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
193 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
194 <para> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
195 Specifies a <value>file</value> with passphrases for |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
196 <link id="ssl_certificate_key">secret keys</link> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
197 where each passphrase is specified on a separate line. |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
198 Passphrases are tried in turn when loading the key. |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
199 </para> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
200 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
201 <para> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
202 Example: |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
203 <example> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
204 mail { |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
205 ssl_password_file /etc/keys/global.pass; |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
206 ... |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
207 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
208 server { |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
209 server_name mail1.example.com; |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
210 ssl_certificate_key /etc/keys/first.key; |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
211 } |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
212 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
213 server { |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
214 server_name mail2.example.com; |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
215 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
216 # named pipe can also be used instead of a file |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
217 ssl_password_file /etc/keys/fifo; |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
218 ssl_certificate_key /etc/keys/second.key; |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
219 } |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
220 } |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
221 </example> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
222 </para> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
223 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
224 </directive> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
225 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
226 |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
227 <directive name="ssl_prefer_server_ciphers"> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
228 <syntax><literal>on</literal> | <literal>off</literal></syntax> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
229 <default>off</default> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
230 <context>mail</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
231 <context>server</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
232 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
233 <para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
234 Specifies that server ciphers should be preferred over client ciphers |
966 | 235 when the SSLv3 and TLS protocols are used. |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
236 </para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
237 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
238 </directive> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
239 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
240 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
241 <directive name="ssl_protocols"> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
242 <syntax> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
243 [<literal>SSLv2</literal>] |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
244 [<literal>SSLv3</literal>] |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
245 [<literal>TLSv1</literal>] |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
246 [<literal>TLSv1.1</literal>] |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
247 [<literal>TLSv1.2</literal>]</syntax> |
1499
3687cc9a3592
Removed SSLv3 from the default value of ssl_protocols and friends.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1456
diff
changeset
|
248 <default>TLSv1 TLSv1.1 TLSv1.2</default> |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
249 <context>mail</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
250 <context>server</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
251 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
252 <para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
253 Enables the specified protocols. |
966 | 254 The <literal>TLSv1.1</literal> and <literal>TLSv1.2</literal> parameters work |
255 only when the OpenSSL library of version 1.0.1 or higher is used. | |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
256 <note> |
966 | 257 The <literal>TLSv1.1</literal> and <literal>TLSv1.2</literal> parameters are |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
258 supported starting from versions 1.1.13 and 1.0.12 |
966 | 259 so when the OpenSSL version 1.0.1 or higher |
260 is used on older nginx versions, these protocols work, but cannot | |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
261 be disabled. |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
262 </note> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
263 </para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
264 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
265 </directive> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
266 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
267 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
268 <directive name="ssl_session_cache"> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
269 <syntax> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
270 <literal>off</literal> | |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
271 <literal>none</literal> | |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
272 [<literal>builtin</literal>[:<value>size</value>]] |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
273 [<literal>shared</literal>:<value>name</value>:<value>size</value>]</syntax> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
274 <default>none</default> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
275 <context>mail</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
276 <context>server</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
277 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
278 <para> |
966 | 279 Sets the types and sizes of caches that store session parameters. |
280 A cache can be of any of the following types: | |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
281 <list type="tag"> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
282 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
283 <tag-name><literal>off</literal></tag-name> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
284 <tag-desc> |
966 | 285 the use of a session cache is strictly prohibited: |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
286 nginx explicitly tells a client that sessions may not be reused. |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
287 </tag-desc> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
288 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
289 <tag-name><literal>none</literal></tag-name> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
290 <tag-desc> |
966 | 291 the use of a session cache is gently disallowed: |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
292 nginx tells a client that sessions may be reused, but does not |
966 | 293 actually store session parameters in the cache. |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
294 </tag-desc> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
295 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
296 <tag-name><literal>builtin</literal></tag-name> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
297 <tag-desc> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
298 a cache built in OpenSSL; used by one worker process only. |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
299 The cache size is specified in sessions. |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
300 If size is not given, it is equal to 20480 sessions. |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
301 Use of the built-in cache can cause memory fragmentation. |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
302 </tag-desc> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
303 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
304 <tag-name><literal>shared</literal></tag-name> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
305 <tag-desc> |
966 | 306 a cache shared between all worker processes. |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
307 The cache size is specified in bytes; one megabyte can store |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
308 about 4000 sessions. |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
309 Each shared cache should have an arbitrary name. |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
310 A cache with the same name can be used in several |
751
9c1ffd02f1b7
Removed "virtual" and HTTPS references from mail modules.
Vladimir Homutov <vl@nginx.com>
parents:
664
diff
changeset
|
311 servers. |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
312 </tag-desc> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
313 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
314 </list> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
315 </para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
316 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
317 <para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
318 Both cache types can be used simultaneously, for example: |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
319 <example> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
320 ssl_session_cache builtin:1000 shared:SSL:10m; |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
321 </example> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
322 but using only shared cache without the built-in cache should |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
323 be more efficient. |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
324 </para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
325 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
326 </directive> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
327 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
328 |
1019
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
329 <directive name="ssl_session_ticket_key"> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
330 <syntax><value>file</value></syntax> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
331 <default/> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
332 <context>mail</context> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
333 <context>server</context> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
334 <appeared-in>1.5.7</appeared-in> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
335 |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
336 <para> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
337 Sets a <value>file</value> with the secret key used to encrypt |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
338 and decrypt TLS session tickets. |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
339 The directive is necessary if the same key has to be shared between |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
340 multiple servers. |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
341 By default, a randomly generated key is used. |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
342 </para> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
343 |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
344 <para> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
345 If several keys are specified, only the first key is |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
346 used to encrypt TLS session tickets. |
1144
ac131944d349
Changed infinitive to gerund after "allow".
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1019
diff
changeset
|
347 This allows configuring key rotation, for example: |
1019
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
348 <example> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
349 ssl_session_ticket_key current.key; |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
350 ssl_session_ticket_key previous.key; |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
351 </example> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
352 </para> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
353 |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
354 <para> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
355 The <value>file</value> must contain 48 bytes of random data and can |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
356 be created using the following command: |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
357 <example> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
358 openssl rand 48 > ticket.key |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
359 </example> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
360 </para> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
361 |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
362 </directive> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
363 |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
364 |
1266
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
365 <directive name="ssl_session_tickets"> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
366 <syntax><literal>on</literal> | <literal>off</literal></syntax> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
367 <default>on</default> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
368 <context>mail</context> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
369 <context>server</context> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
370 <appeared-in>1.5.9</appeared-in> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
371 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
372 <para> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
373 Enables or disables session resumption through |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
374 <link url="http://tools.ietf.org/html/rfc5077">TLS session tickets</link>. |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
375 </para> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
376 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
377 </directive> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
378 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
379 |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
380 <directive name="ssl_session_timeout"> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
381 <syntax><value>time</value></syntax> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
382 <default>5m</default> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
383 <context>mail</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
384 <context>server</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
385 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
386 <para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
387 Specifies a time during which a client may reuse the |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
388 session parameters stored in a cache. |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
389 </para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
390 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
391 </directive> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
392 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
393 |
1429
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
394 <directive name="ssl_trusted_certificate"> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
395 <syntax><value>file</value></syntax> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
396 <default/> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
397 <context>mail</context> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
398 <context>server</context> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
399 <appeared-in>1.7.11</appeared-in> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
400 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
401 <para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
402 Specifies a <value>file</value> with trusted CA certificates in the PEM format |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
403 used to <link id="ssl_verify_client">verify</link> client certificates. |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
404 </para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
405 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
406 <para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
407 In contrast to the certificate set by <link id="ssl_client_certificate"/>, |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
408 the list of these certificates will not be sent to clients. |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
409 </para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
410 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
411 </directive> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
412 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
413 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
414 <directive name="ssl_verify_client"> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
415 <syntax> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
416 <literal>on</literal> | <literal>off</literal> | |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
417 <literal>optional</literal> | <literal>optional_no_ca</literal></syntax> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
418 <default>off</default> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
419 <context>mail</context> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
420 <context>server</context> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
421 <appeared-in>1.7.11</appeared-in> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
422 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
423 <para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
424 Enables verification of client certificates. |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
425 The verification result is passed in the |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
426 <header>Auth-SSL-Verify</header> header of the |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
427 <link doc="ngx_mail_auth_http_module.xml" id="auth_http">authentication</link> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
428 request. |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
429 </para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
430 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
431 <para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
432 The <literal>optional</literal> parameter requests the client |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
433 certificate and verifies it if the certificate is present. |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
434 </para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
435 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
436 <para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
437 The <literal>optional_no_ca</literal> parameter |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
438 requests the client |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
439 certificate but does not require it to be signed by a trusted CA certificate. |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
440 This is intended for the use in cases when a service that is external to nginx |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
441 performs the actual certificate verification. |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
442 The contents of the certificate is accessible through requests |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
443 <link doc="ngx_mail_auth_http_module.xml" |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
444 id="auth_http_pass_client_cert">sent</link> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
445 to the authentication server. |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
446 </para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
447 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
448 </directive> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
449 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
450 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
451 <directive name="ssl_verify_depth"> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
452 <syntax><value>number</value></syntax> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
453 <default>1</default> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
454 <context>mail</context> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
455 <context>server</context> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
456 <appeared-in>1.7.11</appeared-in> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
457 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
458 <para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
459 Sets the verification depth in the client certificates chain. |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
460 </para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
461 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
462 </directive> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
463 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
464 |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
465 <directive name="starttls"> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
466 <syntax> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
467 <literal>on</literal> | |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
468 <literal>off</literal> | |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
469 <literal>only</literal></syntax> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
470 <default>off</default> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
471 <context>mail</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
472 <context>server</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
473 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
474 <para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
475 <list type="tag"> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
476 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
477 <tag-name><literal>on</literal></tag-name> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
478 <tag-desc> |
966 | 479 allow usage of the <literal>STLS</literal> command for the POP3 |
480 and the <literal>STARTTLS</literal> command for the IMAP; | |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
481 </tag-desc> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
482 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
483 <tag-name><literal>off</literal></tag-name> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
484 <tag-desc> |
966 | 485 deny usage of the <literal>STLS</literal> |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
486 and <literal>STARTTLS</literal> commands; |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
487 </tag-desc> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
488 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
489 <tag-name><literal>only</literal></tag-name> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
490 <tag-desc> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
491 require preliminary TLS transition. |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
492 </tag-desc> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
493 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
494 </list> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
495 </para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
496 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
497 </directive> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
498 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
499 </section> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
500 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
501 </module> |