Mercurial > hg > nginx
annotate src/http/modules/ngx_http_ssl_module.h @ 5425:1356a3b96924
SSL: added ability to set keys used for Session Tickets (RFC5077).
In order to support key rollover, ssl_session_ticket_key can be defined
multiple times. The first key will be used to issue and resume Session
Tickets, while the rest will be used only to resume them.
ssl_session_ticket_key session_tickets/current.key;
ssl_session_ticket_key session_tickets/prev-1h.key;
ssl_session_ticket_key session_tickets/prev-2h.key;
Please note that nginx supports Session Tickets even without explicit
configuration of the keys and this feature should be only used in setups
where SSL traffic is distributed across multiple nginx servers.
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
| author | Piotr Sikora <piotr@cloudflare.com> |
|---|---|
| date | Fri, 11 Oct 2013 16:05:24 -0700 |
| parents | 4a804fd04e6c |
| children | a297b7ad6f94 |
| rev | line source |
|---|---|
|
441
da8c5707af39
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents:
395
diff
changeset
|
1 |
|
da8c5707af39
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents:
395
diff
changeset
|
2 /* |
|
444
42d11f017717
nginx-0.1.0-2004-09-29-20:00:49 import; remove years from copyright
Igor Sysoev <igor@sysoev.ru>
parents:
441
diff
changeset
|
3 * Copyright (C) Igor Sysoev |
| 4412 | 4 * Copyright (C) Nginx, Inc. |
|
441
da8c5707af39
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents:
395
diff
changeset
|
5 */ |
|
da8c5707af39
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents:
395
diff
changeset
|
6 |
|
da8c5707af39
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents:
395
diff
changeset
|
7 |
|
395
f8f0f1834266
nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents:
393
diff
changeset
|
8 #ifndef _NGX_HTTP_SSL_H_INCLUDED_ |
|
f8f0f1834266
nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents:
393
diff
changeset
|
9 #define _NGX_HTTP_SSL_H_INCLUDED_ |
|
383
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
10 |
|
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
11 |
|
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
12 #include <ngx_config.h> |
|
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
13 #include <ngx_core.h> |
|
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
14 #include <ngx_http.h> |
|
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
15 |
|
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
16 |
| 973 | 17 typedef struct { |
| 18 ngx_flag_t enable; | |
| 19 | |
| 20 ngx_ssl_t ssl; | |
| 21 | |
| 22 ngx_flag_t prefer_server_ciphers; | |
| 573 | 23 |
| 973 | 24 ngx_uint_t protocols; |
| 25 | |
| 2123 | 26 ngx_uint_t verify; |
| 27 ngx_uint_t verify_depth; | |
| 973 | 28 |
| 29 ssize_t builtin_session_cache; | |
|
393
5659d773cfa8
nginx-0.0.7-2004-07-15-20:35:51 import
Igor Sysoev <igor@sysoev.ru>
parents:
392
diff
changeset
|
30 |
| 973 | 31 time_t session_timeout; |
| 32 | |
| 33 ngx_str_t certificate; | |
| 34 ngx_str_t certificate_key; | |
| 2044 | 35 ngx_str_t dhparam; |
| 3960 | 36 ngx_str_t ecdh_curve; |
| 973 | 37 ngx_str_t client_certificate; |
|
4872
7c3cca603438
OCSP stapling: ssl_trusted_certificate directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4412
diff
changeset
|
38 ngx_str_t trusted_certificate; |
| 2995 | 39 ngx_str_t crl; |
| 973 | 40 |
| 41 ngx_str_t ciphers; | |
| 42 | |
| 43 ngx_shm_zone_t *shm_zone; | |
| 2224 | 44 |
|
5425
1356a3b96924
SSL: added ability to set keys used for Session Tickets (RFC5077).
Piotr Sikora <piotr@cloudflare.com>
parents:
4879
diff
changeset
|
45 ngx_array_t *session_ticket_keys; |
|
1356a3b96924
SSL: added ability to set keys used for Session Tickets (RFC5077).
Piotr Sikora <piotr@cloudflare.com>
parents:
4879
diff
changeset
|
46 |
|
4873
dd74fd35ceb5
OCSP stapling: ssl_stapling_file support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4872
diff
changeset
|
47 ngx_flag_t stapling; |
|
4879
4a804fd04e6c
OCSP stapling: ssl_stapling_verify directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4875
diff
changeset
|
48 ngx_flag_t stapling_verify; |
|
4873
dd74fd35ceb5
OCSP stapling: ssl_stapling_file support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4872
diff
changeset
|
49 ngx_str_t stapling_file; |
|
4875
386a06a22c40
OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4873
diff
changeset
|
50 ngx_str_t stapling_responder; |
|
4873
dd74fd35ceb5
OCSP stapling: ssl_stapling_file support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4872
diff
changeset
|
51 |
| 2224 | 52 u_char *file; |
| 53 ngx_uint_t line; | |
|
393
5659d773cfa8
nginx-0.0.7-2004-07-15-20:35:51 import
Igor Sysoev <igor@sysoev.ru>
parents:
392
diff
changeset
|
54 } ngx_http_ssl_srv_conf_t; |
|
386
fa72605e7089
nginx-0.0.7-2004-07-12-01:03:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
384
diff
changeset
|
55 |
|
fa72605e7089
nginx-0.0.7-2004-07-12-01:03:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
384
diff
changeset
|
56 |
|
395
f8f0f1834266
nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents:
393
diff
changeset
|
57 extern ngx_module_t ngx_http_ssl_module; |
|
393
5659d773cfa8
nginx-0.0.7-2004-07-15-20:35:51 import
Igor Sysoev <igor@sysoev.ru>
parents:
392
diff
changeset
|
58 |
|
5659d773cfa8
nginx-0.0.7-2004-07-15-20:35:51 import
Igor Sysoev <igor@sysoev.ru>
parents:
392
diff
changeset
|
59 |
|
395
f8f0f1834266
nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents:
393
diff
changeset
|
60 #endif /* _NGX_HTTP_SSL_H_INCLUDED_ */ |