Mercurial > hg > nginx-site
comparison xml/en/docs/mail/ngx_mail_ssl_module.xml @ 1266:35d6ac64bf27
Documented five directives in the mail ssl module.
The following directives were documented:
ssl_ciphers, ssl_dhparam, ssl_ecdh_curve, ssl_password_file, ssl_session_tickets.
author | Yaroslav Zhuravlev <yar@nginx.com> |
---|---|
date | Tue, 05 Aug 2014 19:07:39 +0400 |
parents | ac131944d349 |
children | 06322891b4e3 |
comparison
equal
deleted
inserted
replaced
1265:ba6da8f0ecd2 | 1266:35d6ac64bf27 |
---|---|
8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> | 8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> |
9 | 9 |
10 <module name="Module ngx_mail_ssl_module" | 10 <module name="Module ngx_mail_ssl_module" |
11 link="/en/docs/mail/ngx_mail_ssl_module.html" | 11 link="/en/docs/mail/ngx_mail_ssl_module.html" |
12 lang="en" | 12 lang="en" |
13 rev="3"> | 13 rev="4"> |
14 | 14 |
15 <section id="summary"> | 15 <section id="summary"> |
16 | 16 |
17 <para> | 17 <para> |
18 The <literal>ngx_mail_ssl_module</literal> module provides the necessary | 18 The <literal>ngx_mail_ssl_module</literal> module provides the necessary |
72 <context>server</context> | 72 <context>server</context> |
73 | 73 |
74 <para> | 74 <para> |
75 Specifies a file with the secret key in the PEM format for the given | 75 Specifies a file with the secret key in the PEM format for the given |
76 server. | 76 server. |
77 </para> | |
78 | |
79 </directive> | |
80 | |
81 | |
82 <directive name="ssl_ciphers"> | |
83 <syntax><value>ciphers</value></syntax> | |
84 <default>HIGH:!aNULL:!MD5</default> | |
85 <context>mail</context> | |
86 <context>server</context> | |
87 | |
88 <para> | |
89 Specifies the enabled ciphers. | |
90 The ciphers are specified in the format understood by the | |
91 OpenSSL library, for example: | |
92 <example> | |
93 ssl_ciphers ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; | |
94 </example> | |
95 </para> | |
96 | |
97 <para> | |
98 The full list can be viewed using the | |
99 “<command>openssl ciphers</command>” command. | |
100 </para> | |
101 | |
102 <para> | |
103 <note> | |
104 The previous versions of nginx used | |
105 <link doc="../http/configuring_https_servers.xml" id="compatibility">different</link> | |
106 ciphers by default. | |
107 </note> | |
108 </para> | |
109 | |
110 </directive> | |
111 | |
112 | |
113 <directive name="ssl_dhparam"> | |
114 <syntax><value>file</value></syntax> | |
115 <default/> | |
116 <context>mail</context> | |
117 <context>server</context> | |
118 <appeared-in>0.7.2</appeared-in> | |
119 | |
120 <para> | |
121 Specifies a <value>file</value> with DH parameters for EDH ciphers. | |
122 </para> | |
123 | |
124 </directive> | |
125 | |
126 | |
127 <directive name="ssl_ecdh_curve"> | |
128 <syntax><value>curve</value></syntax> | |
129 <default>prime256v1</default> | |
130 <context>mail</context> | |
131 <context>server</context> | |
132 <appeared-in>1.1.0</appeared-in> | |
133 <appeared-in>1.0.6</appeared-in> | |
134 | |
135 <para> | |
136 Specifies a <value>curve</value> for ECDHE ciphers. | |
137 </para> | |
138 | |
139 </directive> | |
140 | |
141 | |
142 <directive name="ssl_password_file"> | |
143 <syntax><value>file</value></syntax> | |
144 <default/> | |
145 <context>mail</context> | |
146 <context>server</context> | |
147 <appeared-in>1.7.3</appeared-in> | |
148 | |
149 <para> | |
150 Specifies a <value>file</value> with passphrases for | |
151 <link id="ssl_certificate_key">secret keys</link> | |
152 where each passphrase is specified on a separate line. | |
153 Passphrases are tried in turn when loading the key. | |
154 </para> | |
155 | |
156 <para> | |
157 Example: | |
158 <example> | |
159 mail { | |
160 ssl_password_file /etc/keys/global.pass; | |
161 ... | |
162 | |
163 server { | |
164 server_name mail1.example.com; | |
165 ssl_certificate_key /etc/keys/first.key; | |
166 } | |
167 | |
168 server { | |
169 server_name mail2.example.com; | |
170 | |
171 # named pipe can also be used instead of a file | |
172 ssl_password_file /etc/keys/fifo; | |
173 ssl_certificate_key /etc/keys/second.key; | |
174 } | |
175 } | |
176 </example> | |
77 </para> | 177 </para> |
78 | 178 |
79 </directive> | 179 </directive> |
80 | 180 |
81 | 181 |
215 </para> | 315 </para> |
216 | 316 |
217 </directive> | 317 </directive> |
218 | 318 |
219 | 319 |
320 <directive name="ssl_session_tickets"> | |
321 <syntax><literal>on</literal> | <literal>off</literal></syntax> | |
322 <default>on</default> | |
323 <context>mail</context> | |
324 <context>server</context> | |
325 <appeared-in>1.5.9</appeared-in> | |
326 | |
327 <para> | |
328 Enables or disables session resumption through | |
329 <link url="http://tools.ietf.org/html/rfc5077">TLS session tickets</link>. | |
330 </para> | |
331 | |
332 </directive> | |
333 | |
334 | |
220 <directive name="ssl_session_timeout"> | 335 <directive name="ssl_session_timeout"> |
221 <syntax><value>time</value></syntax> | 336 <syntax><value>time</value></syntax> |
222 <default>5m</default> | 337 <default>5m</default> |
223 <context>mail</context> | 338 <context>mail</context> |
224 <context>server</context> | 339 <context>server</context> |