Mercurial > hg > nginx-site
changeset 2618:0b98a81f196b
Documented the ssl_reject_handshake directive.
author | Yaroslav Zhuravlev <yar@nginx.com> |
---|---|
date | Tue, 27 Oct 2020 22:07:25 +0000 |
parents | 6684517c9d19 |
children | 94107f33b7bb |
files | xml/en/docs/http/ngx_http_ssl_module.xml xml/ru/docs/http/ngx_http_ssl_module.xml |
diffstat | 2 files changed, 68 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/xml/en/docs/http/ngx_http_ssl_module.xml +++ b/xml/en/docs/http/ngx_http_ssl_module.xml @@ -10,7 +10,7 @@ <module name="Module ngx_http_ssl_module" link="/en/docs/http/ngx_http_ssl_module.html" lang="en" - rev="50"> + rev="51"> <section id="summary"> @@ -605,6 +605,39 @@ OpenSSL 1.1.1 built with TLSv1.3 support </directive> +<directive name="ssl_reject_handshake"> +<syntax><literal>on</literal> | <literal>off</literal></syntax> +<default>off</default> +<context>http</context> +<context>server</context> +<appeared-in>1.19.4</appeared-in> + +<para> +If enabled, SSL handshakes in +the <link doc="ngx_http_core_module.xml" id="server"/> block will be rejected. +</para> + +<para> +For example, in the following configuration, SSL handshakes with +server names other than <literal>example.com</literal> are rejected: +<example> +server { + listen 443 ssl; + ssl_reject_handshake on; +} + +server { + listen 443 ssl; + server_name example.com; + ssl_certificate example.com.crt; + ssl_certificate_key example.com.key; +} +</example> +</para> + +</directive> + + <directive name="ssl_session_cache"> <syntax> <literal>off</literal> |
--- a/xml/ru/docs/http/ngx_http_ssl_module.xml +++ b/xml/ru/docs/http/ngx_http_ssl_module.xml @@ -10,7 +10,7 @@ <module name="Модуль ngx_http_ssl_module" link="/ru/docs/http/ngx_http_ssl_module.html" lang="ru" - rev="50"> + rev="51"> <section id="summary"> @@ -609,6 +609,39 @@ http { </directive> +<directive name="ssl_reject_handshake"> +<syntax><literal>on</literal> | <literal>off</literal></syntax> +<default>off</default> +<context>http</context> +<context>server</context> +<appeared-in>1.19.4</appeared-in> + +<para> +Если разрешено, то операции SSL handshake в +блоке <link doc="ngx_http_core_module.xml" id="server"/> будут отклонены. +</para> + +<para> +Например в этой конфигурации отклоняются все операции SSL handshake с +именем сервера, отличным от <literal>example.com</literal>: +<example> +server { + listen 443 ssl; + ssl_reject_handshake on; +} + +server { + listen 443 ssl; + server_name example.com; + ssl_certificate example.com.crt; + ssl_certificate_key example.com.key; +} +</example> +</para> + +</directive> + + <directive name="ssl_session_cache"> <syntax> <literal>off</literal> |