# HG changeset patch
# User Yaroslav Zhuravlev <yar@nginx.com>
# Date 1603836445 0
# Node ID 0b98a81f196ba3133936b740ce6ae72ea4069124
# Parent  6684517c9d193463a97d96abfe5886ac788aa74b
Documented the ssl_reject_handshake directive.

diff --git a/xml/en/docs/http/ngx_http_ssl_module.xml b/xml/en/docs/http/ngx_http_ssl_module.xml
--- a/xml/en/docs/http/ngx_http_ssl_module.xml
+++ b/xml/en/docs/http/ngx_http_ssl_module.xml
@@ -10,7 +10,7 @@
 <module name="Module ngx_http_ssl_module"
         link="/en/docs/http/ngx_http_ssl_module.html"
         lang="en"
-        rev="50">
+        rev="51">
 
 <section id="summary">
 
@@ -605,6 +605,39 @@ OpenSSL 1.1.1 built with TLSv1.3 support
 </directive>
 
 
+<directive name="ssl_reject_handshake">
+<syntax><literal>on</literal> | <literal>off</literal></syntax>
+<default>off</default>
+<context>http</context>
+<context>server</context>
+<appeared-in>1.19.4</appeared-in>
+
+<para>
+If enabled, SSL handshakes in
+the <link doc="ngx_http_core_module.xml" id="server"/> block will be rejected.
+</para>
+
+<para>
+For example, in the following configuration, SSL handshakes with
+server names other than <literal>example.com</literal> are rejected:
+<example>
+server {
+    listen               443 ssl;
+    ssl_reject_handshake on;
+}
+
+server {
+    listen              443 ssl;
+    server_name         example.com;
+    ssl_certificate     example.com.crt;
+    ssl_certificate_key example.com.key;
+}
+</example>
+</para>
+
+</directive>
+
+
 <directive name="ssl_session_cache">
 <syntax>
     <literal>off</literal> |
diff --git a/xml/ru/docs/http/ngx_http_ssl_module.xml b/xml/ru/docs/http/ngx_http_ssl_module.xml
--- a/xml/ru/docs/http/ngx_http_ssl_module.xml
+++ b/xml/ru/docs/http/ngx_http_ssl_module.xml
@@ -10,7 +10,7 @@
 <module name="Модуль ngx_http_ssl_module"
         link="/ru/docs/http/ngx_http_ssl_module.html"
         lang="ru"
-        rev="50">
+        rev="51">
 
 <section id="summary">
 
@@ -609,6 +609,39 @@ http {
 </directive>
 
 
+<directive name="ssl_reject_handshake">
+<syntax><literal>on</literal> | <literal>off</literal></syntax>
+<default>off</default>
+<context>http</context>
+<context>server</context>
+<appeared-in>1.19.4</appeared-in>
+
+<para>
+Если разрешено, то операции SSL handshake в
+блоке <link doc="ngx_http_core_module.xml" id="server"/> будут отклонены.
+</para>
+
+<para>
+Например в этой конфигурации отклоняются все операции SSL handshake с
+именем сервера, отличным от <literal>example.com</literal>:
+<example>
+server {
+    listen               443 ssl;
+    ssl_reject_handshake on;
+}
+
+server {
+    listen              443 ssl;
+    server_name         example.com;
+    ssl_certificate     example.com.crt;
+    ssl_certificate_key example.com.key;
+}
+</example>
+</para>
+
+</directive>
+
+
 <directive name="ssl_session_cache">
 <syntax>
     <literal>off</literal> |