Mercurial > hg > nginx-site
annotate xml/en/docs/mail/ngx_mail_ssl_module.xml @ 1113:fc900e304544
Regenerated.
author | Maxim Konovalov <maxim@nginx.com> |
---|---|
date | Thu, 27 Mar 2014 07:08:42 +0000 |
parents | 2b6a858c60dc |
children | ac131944d349 |
rev | line source |
---|---|
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1 <?xml version="1.0"?> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
2 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
3 <!-- |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
4 Copyright (C) 2006, 2007 Anton Yuzhaninov |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
5 Copyright (C) Nginx, Inc. |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
6 --> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
7 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
9 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
10 <module name="Module ngx_mail_ssl_module" |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
11 link="/en/docs/mail/ngx_mail_ssl_module.html" |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
12 lang="en" |
1019
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
13 rev="3"> |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
14 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
15 <section id="summary"> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
16 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
17 <para> |
966 | 18 The <literal>ngx_mail_ssl_module</literal> module provides the necessary |
19 support for a mail proxy server to work with the SSL/TLS protocol. | |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
20 </para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
21 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
22 <para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
23 This module is not built by default, it should be enabled with |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
24 the <literal>--with-mail_ssl_module</literal> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
25 configuration parameter. |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
26 <note> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
27 This module requires the <link url="http://www.openssl.org">OpenSSL</link> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
28 library. |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
29 </note> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
30 </para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
31 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
32 </section> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
33 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
34 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
35 <section id="directives" name="Directives"> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
36 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
37 <directive name="ssl"> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
38 <syntax><literal>on</literal> | <literal>off</literal></syntax> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
39 <default>off</default> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
40 <context>mail</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
41 <context>server</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
42 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
43 <para> |
751
9c1ffd02f1b7
Removed "virtual" and HTTPS references from mail modules.
Vladimir Homutov <vl@nginx.com>
parents:
664
diff
changeset
|
44 Enables the SSL/TLS protocol for the given server. |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
45 </para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
46 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
47 </directive> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
48 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
49 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
50 <directive name="ssl_certificate"> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
51 <syntax><value>file</value></syntax> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
52 <default/> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
53 <context>mail</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
54 <context>server</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
55 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
56 <para> |
966 | 57 Specifies a file with the certificate in the PEM format for the given |
751
9c1ffd02f1b7
Removed "virtual" and HTTPS references from mail modules.
Vladimir Homutov <vl@nginx.com>
parents:
664
diff
changeset
|
58 server. |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
59 If intermediate certificates should be specified in addition to a primary |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
60 certificate, they should be specified in the same file in the following |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
61 order: the primary certificate comes first, then the intermediate certificates. |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
62 A secret key in the PEM format may be placed in the same file. |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
63 </para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
64 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
65 </directive> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
66 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
67 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
68 <directive name="ssl_certificate_key"> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
69 <syntax><value>file</value></syntax> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
70 <default/> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
71 <context>mail</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
72 <context>server</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
73 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
74 <para> |
966 | 75 Specifies a file with the secret key in the PEM format for the given |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
76 server. |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
77 </para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
78 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
79 </directive> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
80 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
81 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
82 <directive name="ssl_prefer_server_ciphers"> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
83 <syntax><literal>on</literal> | <literal>off</literal></syntax> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
84 <default>off</default> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
85 <context>mail</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
86 <context>server</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
87 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
88 <para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
89 Specifies that server ciphers should be preferred over client ciphers |
966 | 90 when the SSLv3 and TLS protocols are used. |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
91 </para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
92 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
93 </directive> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
94 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
95 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
96 <directive name="ssl_protocols"> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
97 <syntax> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
98 [<literal>SSLv2</literal>] |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
99 [<literal>SSLv3</literal>] |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
100 [<literal>TLSv1</literal>] |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
101 [<literal>TLSv1.1</literal>] |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
102 [<literal>TLSv1.2</literal>]</syntax> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
103 <default>SSLv3 TLSv1 TLSv1.1 TLSv1.2</default> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
104 <context>mail</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
105 <context>server</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
106 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
107 <para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
108 Enables the specified protocols. |
966 | 109 The <literal>TLSv1.1</literal> and <literal>TLSv1.2</literal> parameters work |
110 only when the OpenSSL library of version 1.0.1 or higher is used. | |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
111 <note> |
966 | 112 The <literal>TLSv1.1</literal> and <literal>TLSv1.2</literal> parameters are |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
113 supported starting from versions 1.1.13 and 1.0.12 |
966 | 114 so when the OpenSSL version 1.0.1 or higher |
115 is used on older nginx versions, these protocols work, but cannot | |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
116 be disabled. |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
117 </note> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
118 </para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
119 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
120 </directive> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
121 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
122 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
123 <directive name="ssl_session_cache"> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
124 <syntax> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
125 <literal>off</literal> | |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
126 <literal>none</literal> | |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
127 [<literal>builtin</literal>[:<value>size</value>]] |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
128 [<literal>shared</literal>:<value>name</value>:<value>size</value>]</syntax> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
129 <default>none</default> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
130 <context>mail</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
131 <context>server</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
132 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
133 <para> |
966 | 134 Sets the types and sizes of caches that store session parameters. |
135 A cache can be of any of the following types: | |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
136 <list type="tag"> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
137 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
138 <tag-name><literal>off</literal></tag-name> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
139 <tag-desc> |
966 | 140 the use of a session cache is strictly prohibited: |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
141 nginx explicitly tells a client that sessions may not be reused. |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
142 </tag-desc> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
143 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
144 <tag-name><literal>none</literal></tag-name> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
145 <tag-desc> |
966 | 146 the use of a session cache is gently disallowed: |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
147 nginx tells a client that sessions may be reused, but does not |
966 | 148 actually store session parameters in the cache. |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
149 </tag-desc> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
150 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
151 <tag-name><literal>builtin</literal></tag-name> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
152 <tag-desc> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
153 a cache built in OpenSSL; used by one worker process only. |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
154 The cache size is specified in sessions. |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
155 If size is not given, it is equal to 20480 sessions. |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
156 Use of the built-in cache can cause memory fragmentation. |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
157 </tag-desc> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
158 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
159 <tag-name><literal>shared</literal></tag-name> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
160 <tag-desc> |
966 | 161 a cache shared between all worker processes. |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
162 The cache size is specified in bytes; one megabyte can store |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
163 about 4000 sessions. |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
164 Each shared cache should have an arbitrary name. |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
165 A cache with the same name can be used in several |
751
9c1ffd02f1b7
Removed "virtual" and HTTPS references from mail modules.
Vladimir Homutov <vl@nginx.com>
parents:
664
diff
changeset
|
166 servers. |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
167 </tag-desc> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
168 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
169 </list> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
170 </para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
171 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
172 <para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
173 Both cache types can be used simultaneously, for example: |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
174 <example> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
175 ssl_session_cache builtin:1000 shared:SSL:10m; |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
176 </example> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
177 but using only shared cache without the built-in cache should |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
178 be more efficient. |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
179 </para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
180 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
181 </directive> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
182 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
183 |
1019
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
184 <directive name="ssl_session_ticket_key"> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
185 <syntax><value>file</value></syntax> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
186 <default/> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
187 <context>mail</context> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
188 <context>server</context> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
189 <appeared-in>1.5.7</appeared-in> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
190 |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
191 <para> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
192 Sets a <value>file</value> with the secret key used to encrypt |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
193 and decrypt TLS session tickets. |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
194 The directive is necessary if the same key has to be shared between |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
195 multiple servers. |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
196 By default, a randomly generated key is used. |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
197 </para> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
198 |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
199 <para> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
200 If several keys are specified, only the first key is |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
201 used to encrypt TLS session tickets. |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
202 This allows to configure key rotation, for example: |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
203 <example> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
204 ssl_session_ticket_key current.key; |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
205 ssl_session_ticket_key previous.key; |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
206 </example> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
207 </para> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
208 |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
209 <para> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
210 The <value>file</value> must contain 48 bytes of random data and can |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
211 be created using the following command: |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
212 <example> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
213 openssl rand 48 > ticket.key |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
214 </example> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
215 </para> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
216 |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
217 </directive> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
218 |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
219 |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
220 <directive name="ssl_session_timeout"> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
221 <syntax><value>time</value></syntax> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
222 <default>5m</default> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
223 <context>mail</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
224 <context>server</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
225 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
226 <para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
227 Specifies a time during which a client may reuse the |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
228 session parameters stored in a cache. |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
229 </para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
230 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
231 </directive> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
232 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
233 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
234 <directive name="starttls"> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
235 <syntax> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
236 <literal>on</literal> | |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
237 <literal>off</literal> | |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
238 <literal>only</literal></syntax> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
239 <default>off</default> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
240 <context>mail</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
241 <context>server</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
242 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
243 <para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
244 <list type="tag"> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
245 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
246 <tag-name><literal>on</literal></tag-name> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
247 <tag-desc> |
966 | 248 allow usage of the <literal>STLS</literal> command for the POP3 |
249 and the <literal>STARTTLS</literal> command for the IMAP; | |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
250 </tag-desc> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
251 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
252 <tag-name><literal>off</literal></tag-name> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
253 <tag-desc> |
966 | 254 deny usage of the <literal>STLS</literal> |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
255 and <literal>STARTTLS</literal> commands; |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
256 </tag-desc> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
257 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
258 <tag-name><literal>only</literal></tag-name> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
259 <tag-desc> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
260 require preliminary TLS transition. |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
261 </tag-desc> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
262 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
263 </list> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
264 </para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
265 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
266 </directive> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
267 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
268 </section> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
269 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
270 </module> |