nginx-site: xml/en/docs/http/ngx_http_ssl

Documented the ssl_reject_handshake directive.

author	Yaroslav Zhuravlev <yar@nginx.com>
date	Tue, 27 Oct 2020 22:07:25 +0000
parents	d8bf37d20449
children	78161967514f

comparison

equal deleted inserted replaced

-:6684517c9d19
+:0b98a81f196b
 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd">
 <module name="Module ngx_http_ssl_module"
 link="/en/docs/http/ngx_http_ssl_module.html"
 lang="en"
-rev="50">
+rev="51">
 <section id="summary">
 <para>
 The <literal>ngx_http_ssl_module</literal> module provides the
 </para>
 </directive>
+<directive name="ssl_reject_handshake">
+<syntax><literal>on</literal> | <literal>off</literal></syntax>
+<default>off</default>
+<context>http</context>
+<context>server</context>
+<appeared-in>1.19.4</appeared-in>
+<para>
+If enabled, SSL handshakes in
+the <link doc="ngx_http_core_module.xml" id="server"/> block will be rejected.
+</para>
+<para>
+For example, in the following configuration, SSL handshakes with
+server names other than <literal>example.com</literal> are rejected:
+<example>
+server {
+listen               443 ssl;
+ssl_reject_handshake on;
+}
+server {
+listen              443 ssl;
+server_name         example.com;
+ssl_certificate     example.com.crt;
+ssl_certificate_key example.com.key;
+}
+</example>
+</para>
+</directive>
 <directive name="ssl_session_cache">
 <syntax>
 <literal>off</literal> |
 <literal>none</literal> |
 [<literal>builtin</literal>[:<value>size</value>]]

Mercurial > hg > nginx-site