Mercurial > hg > nginx-site
comparison xml/en/docs/mail/ngx_mail_ssl_module.xml @ 1019:2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Fri, 22 Nov 2013 16:44:41 +0400 |
parents | 95c3c3bbf1ce |
children | ac131944d349 |
comparison
equal
deleted
inserted
replaced
1018:19129672444e | 1019:2b6a858c60dc |
---|---|
8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> | 8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> |
9 | 9 |
10 <module name="Module ngx_mail_ssl_module" | 10 <module name="Module ngx_mail_ssl_module" |
11 link="/en/docs/mail/ngx_mail_ssl_module.html" | 11 link="/en/docs/mail/ngx_mail_ssl_module.html" |
12 lang="en" | 12 lang="en" |
13 rev="2"> | 13 rev="3"> |
14 | 14 |
15 <section id="summary"> | 15 <section id="summary"> |
16 | 16 |
17 <para> | 17 <para> |
18 The <literal>ngx_mail_ssl_module</literal> module provides the necessary | 18 The <literal>ngx_mail_ssl_module</literal> module provides the necessary |
179 </para> | 179 </para> |
180 | 180 |
181 </directive> | 181 </directive> |
182 | 182 |
183 | 183 |
184 <directive name="ssl_session_ticket_key"> | |
185 <syntax><value>file</value></syntax> | |
186 <default/> | |
187 <context>mail</context> | |
188 <context>server</context> | |
189 <appeared-in>1.5.7</appeared-in> | |
190 | |
191 <para> | |
192 Sets a <value>file</value> with the secret key used to encrypt | |
193 and decrypt TLS session tickets. | |
194 The directive is necessary if the same key has to be shared between | |
195 multiple servers. | |
196 By default, a randomly generated key is used. | |
197 </para> | |
198 | |
199 <para> | |
200 If several keys are specified, only the first key is | |
201 used to encrypt TLS session tickets. | |
202 This allows to configure key rotation, for example: | |
203 <example> | |
204 ssl_session_ticket_key current.key; | |
205 ssl_session_ticket_key previous.key; | |
206 </example> | |
207 </para> | |
208 | |
209 <para> | |
210 The <value>file</value> must contain 48 bytes of random data and can | |
211 be created using the following command: | |
212 <example> | |
213 openssl rand 48 > ticket.key | |
214 </example> | |
215 </para> | |
216 | |
217 </directive> | |
218 | |
219 | |
184 <directive name="ssl_session_timeout"> | 220 <directive name="ssl_session_timeout"> |
185 <syntax><value>time</value></syntax> | 221 <syntax><value>time</value></syntax> |
186 <default>5m</default> | 222 <default>5m</default> |
187 <context>mail</context> | 223 <context>mail</context> |
188 <context>server</context> | 224 <context>server</context> |