Mercurial > hg > nginx-site
annotate xml/en/docs/mail/ngx_mail_ssl_module.xml @ 1429:06322891b4e3
Client certificate directives in mail_ssl_module and associates.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Sat, 28 Feb 2015 00:31:18 +0300 |
parents | 35d6ac64bf27 |
children | acba294382d6 |
rev | line source |
---|---|
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1 <?xml version="1.0"?> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
2 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
3 <!-- |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
4 Copyright (C) 2006, 2007 Anton Yuzhaninov |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
5 Copyright (C) Nginx, Inc. |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
6 --> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
7 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
9 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
10 <module name="Module ngx_mail_ssl_module" |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
11 link="/en/docs/mail/ngx_mail_ssl_module.html" |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
12 lang="en" |
1429
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
13 rev="5"> |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
14 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
15 <section id="summary"> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
16 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
17 <para> |
966 | 18 The <literal>ngx_mail_ssl_module</literal> module provides the necessary |
19 support for a mail proxy server to work with the SSL/TLS protocol. | |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
20 </para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
21 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
22 <para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
23 This module is not built by default, it should be enabled with |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
24 the <literal>--with-mail_ssl_module</literal> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
25 configuration parameter. |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
26 <note> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
27 This module requires the <link url="http://www.openssl.org">OpenSSL</link> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
28 library. |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
29 </note> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
30 </para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
31 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
32 </section> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
33 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
34 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
35 <section id="directives" name="Directives"> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
36 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
37 <directive name="ssl"> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
38 <syntax><literal>on</literal> | <literal>off</literal></syntax> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
39 <default>off</default> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
40 <context>mail</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
41 <context>server</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
42 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
43 <para> |
751
9c1ffd02f1b7
Removed "virtual" and HTTPS references from mail modules.
Vladimir Homutov <vl@nginx.com>
parents:
664
diff
changeset
|
44 Enables the SSL/TLS protocol for the given server. |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
45 </para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
46 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
47 </directive> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
48 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
49 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
50 <directive name="ssl_certificate"> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
51 <syntax><value>file</value></syntax> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
52 <default/> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
53 <context>mail</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
54 <context>server</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
55 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
56 <para> |
966 | 57 Specifies a file with the certificate in the PEM format for the given |
751
9c1ffd02f1b7
Removed "virtual" and HTTPS references from mail modules.
Vladimir Homutov <vl@nginx.com>
parents:
664
diff
changeset
|
58 server. |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
59 If intermediate certificates should be specified in addition to a primary |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
60 certificate, they should be specified in the same file in the following |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
61 order: the primary certificate comes first, then the intermediate certificates. |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
62 A secret key in the PEM format may be placed in the same file. |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
63 </para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
64 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
65 </directive> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
66 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
67 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
68 <directive name="ssl_certificate_key"> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
69 <syntax><value>file</value></syntax> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
70 <default/> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
71 <context>mail</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
72 <context>server</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
73 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
74 <para> |
966 | 75 Specifies a file with the secret key in the PEM format for the given |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
76 server. |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
77 </para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
78 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
79 </directive> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
80 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
81 |
1266
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
82 <directive name="ssl_ciphers"> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
83 <syntax><value>ciphers</value></syntax> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
84 <default>HIGH:!aNULL:!MD5</default> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
85 <context>mail</context> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
86 <context>server</context> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
87 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
88 <para> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
89 Specifies the enabled ciphers. |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
90 The ciphers are specified in the format understood by the |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
91 OpenSSL library, for example: |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
92 <example> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
93 ssl_ciphers ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
94 </example> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
95 </para> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
96 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
97 <para> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
98 The full list can be viewed using the |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
99 “<command>openssl ciphers</command>” command. |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
100 </para> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
101 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
102 <para> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
103 <note> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
104 The previous versions of nginx used |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
105 <link doc="../http/configuring_https_servers.xml" id="compatibility">different</link> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
106 ciphers by default. |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
107 </note> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
108 </para> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
109 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
110 </directive> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
111 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
112 |
1429
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
113 <directive name="ssl_client_certificate"> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
114 <syntax><value>file</value></syntax> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
115 <default/> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
116 <context>mail</context> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
117 <context>server</context> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
118 <appeared-in>1.7.11</appeared-in> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
119 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
120 <para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
121 Specifies a <value>file</value> with trusted CA certificates in the PEM format |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
122 used to <link id="ssl_verify_client">verify</link> client certificates. |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
123 </para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
124 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
125 <para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
126 The list of certificates will be sent to clients. |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
127 If this is not desired, the <link id="ssl_trusted_certificate"/> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
128 directive can be used. |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
129 </para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
130 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
131 </directive> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
132 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
133 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
134 <directive name="ssl_crl"> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
135 <syntax><value>file</value></syntax> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
136 <default/> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
137 <context>mail</context> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
138 <context>server</context> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
139 <appeared-in>1.7.11</appeared-in> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
140 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
141 <para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
142 Specifies a <value>file</value> with revoked certificates (CRL) |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
143 in the PEM format used to <link id="ssl_verify_client">verify</link> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
144 client certificates. |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
145 </para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
146 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
147 </directive> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
148 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
149 |
1266
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
150 <directive name="ssl_dhparam"> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
151 <syntax><value>file</value></syntax> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
152 <default/> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
153 <context>mail</context> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
154 <context>server</context> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
155 <appeared-in>0.7.2</appeared-in> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
156 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
157 <para> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
158 Specifies a <value>file</value> with DH parameters for EDH ciphers. |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
159 </para> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
160 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
161 </directive> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
162 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
163 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
164 <directive name="ssl_ecdh_curve"> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
165 <syntax><value>curve</value></syntax> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
166 <default>prime256v1</default> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
167 <context>mail</context> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
168 <context>server</context> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
169 <appeared-in>1.1.0</appeared-in> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
170 <appeared-in>1.0.6</appeared-in> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
171 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
172 <para> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
173 Specifies a <value>curve</value> for ECDHE ciphers. |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
174 </para> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
175 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
176 </directive> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
177 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
178 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
179 <directive name="ssl_password_file"> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
180 <syntax><value>file</value></syntax> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
181 <default/> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
182 <context>mail</context> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
183 <context>server</context> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
184 <appeared-in>1.7.3</appeared-in> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
185 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
186 <para> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
187 Specifies a <value>file</value> with passphrases for |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
188 <link id="ssl_certificate_key">secret keys</link> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
189 where each passphrase is specified on a separate line. |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
190 Passphrases are tried in turn when loading the key. |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
191 </para> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
192 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
193 <para> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
194 Example: |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
195 <example> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
196 mail { |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
197 ssl_password_file /etc/keys/global.pass; |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
198 ... |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
199 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
200 server { |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
201 server_name mail1.example.com; |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
202 ssl_certificate_key /etc/keys/first.key; |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
203 } |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
204 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
205 server { |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
206 server_name mail2.example.com; |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
207 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
208 # named pipe can also be used instead of a file |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
209 ssl_password_file /etc/keys/fifo; |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
210 ssl_certificate_key /etc/keys/second.key; |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
211 } |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
212 } |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
213 </example> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
214 </para> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
215 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
216 </directive> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
217 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
218 |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
219 <directive name="ssl_prefer_server_ciphers"> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
220 <syntax><literal>on</literal> | <literal>off</literal></syntax> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
221 <default>off</default> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
222 <context>mail</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
223 <context>server</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
224 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
225 <para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
226 Specifies that server ciphers should be preferred over client ciphers |
966 | 227 when the SSLv3 and TLS protocols are used. |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
228 </para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
229 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
230 </directive> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
231 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
232 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
233 <directive name="ssl_protocols"> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
234 <syntax> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
235 [<literal>SSLv2</literal>] |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
236 [<literal>SSLv3</literal>] |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
237 [<literal>TLSv1</literal>] |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
238 [<literal>TLSv1.1</literal>] |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
239 [<literal>TLSv1.2</literal>]</syntax> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
240 <default>SSLv3 TLSv1 TLSv1.1 TLSv1.2</default> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
241 <context>mail</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
242 <context>server</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
243 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
244 <para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
245 Enables the specified protocols. |
966 | 246 The <literal>TLSv1.1</literal> and <literal>TLSv1.2</literal> parameters work |
247 only when the OpenSSL library of version 1.0.1 or higher is used. | |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
248 <note> |
966 | 249 The <literal>TLSv1.1</literal> and <literal>TLSv1.2</literal> parameters are |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
250 supported starting from versions 1.1.13 and 1.0.12 |
966 | 251 so when the OpenSSL version 1.0.1 or higher |
252 is used on older nginx versions, these protocols work, but cannot | |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
253 be disabled. |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
254 </note> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
255 </para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
256 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
257 </directive> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
258 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
259 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
260 <directive name="ssl_session_cache"> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
261 <syntax> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
262 <literal>off</literal> | |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
263 <literal>none</literal> | |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
264 [<literal>builtin</literal>[:<value>size</value>]] |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
265 [<literal>shared</literal>:<value>name</value>:<value>size</value>]</syntax> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
266 <default>none</default> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
267 <context>mail</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
268 <context>server</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
269 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
270 <para> |
966 | 271 Sets the types and sizes of caches that store session parameters. |
272 A cache can be of any of the following types: | |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
273 <list type="tag"> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
274 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
275 <tag-name><literal>off</literal></tag-name> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
276 <tag-desc> |
966 | 277 the use of a session cache is strictly prohibited: |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
278 nginx explicitly tells a client that sessions may not be reused. |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
279 </tag-desc> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
280 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
281 <tag-name><literal>none</literal></tag-name> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
282 <tag-desc> |
966 | 283 the use of a session cache is gently disallowed: |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
284 nginx tells a client that sessions may be reused, but does not |
966 | 285 actually store session parameters in the cache. |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
286 </tag-desc> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
287 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
288 <tag-name><literal>builtin</literal></tag-name> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
289 <tag-desc> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
290 a cache built in OpenSSL; used by one worker process only. |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
291 The cache size is specified in sessions. |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
292 If size is not given, it is equal to 20480 sessions. |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
293 Use of the built-in cache can cause memory fragmentation. |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
294 </tag-desc> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
295 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
296 <tag-name><literal>shared</literal></tag-name> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
297 <tag-desc> |
966 | 298 a cache shared between all worker processes. |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
299 The cache size is specified in bytes; one megabyte can store |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
300 about 4000 sessions. |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
301 Each shared cache should have an arbitrary name. |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
302 A cache with the same name can be used in several |
751
9c1ffd02f1b7
Removed "virtual" and HTTPS references from mail modules.
Vladimir Homutov <vl@nginx.com>
parents:
664
diff
changeset
|
303 servers. |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
304 </tag-desc> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
305 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
306 </list> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
307 </para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
308 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
309 <para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
310 Both cache types can be used simultaneously, for example: |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
311 <example> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
312 ssl_session_cache builtin:1000 shared:SSL:10m; |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
313 </example> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
314 but using only shared cache without the built-in cache should |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
315 be more efficient. |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
316 </para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
317 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
318 </directive> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
319 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
320 |
1019
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
321 <directive name="ssl_session_ticket_key"> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
322 <syntax><value>file</value></syntax> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
323 <default/> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
324 <context>mail</context> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
325 <context>server</context> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
326 <appeared-in>1.5.7</appeared-in> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
327 |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
328 <para> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
329 Sets a <value>file</value> with the secret key used to encrypt |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
330 and decrypt TLS session tickets. |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
331 The directive is necessary if the same key has to be shared between |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
332 multiple servers. |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
333 By default, a randomly generated key is used. |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
334 </para> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
335 |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
336 <para> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
337 If several keys are specified, only the first key is |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
338 used to encrypt TLS session tickets. |
1144
ac131944d349
Changed infinitive to gerund after "allow".
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1019
diff
changeset
|
339 This allows configuring key rotation, for example: |
1019
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
340 <example> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
341 ssl_session_ticket_key current.key; |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
342 ssl_session_ticket_key previous.key; |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
343 </example> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
344 </para> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
345 |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
346 <para> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
347 The <value>file</value> must contain 48 bytes of random data and can |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
348 be created using the following command: |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
349 <example> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
350 openssl rand 48 > ticket.key |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
351 </example> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
352 </para> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
353 |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
354 </directive> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
355 |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
356 |
1266
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
357 <directive name="ssl_session_tickets"> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
358 <syntax><literal>on</literal> | <literal>off</literal></syntax> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
359 <default>on</default> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
360 <context>mail</context> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
361 <context>server</context> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
362 <appeared-in>1.5.9</appeared-in> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
363 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
364 <para> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
365 Enables or disables session resumption through |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
366 <link url="http://tools.ietf.org/html/rfc5077">TLS session tickets</link>. |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
367 </para> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
368 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
369 </directive> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
370 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1144
diff
changeset
|
371 |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
372 <directive name="ssl_session_timeout"> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
373 <syntax><value>time</value></syntax> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
374 <default>5m</default> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
375 <context>mail</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
376 <context>server</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
377 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
378 <para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
379 Specifies a time during which a client may reuse the |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
380 session parameters stored in a cache. |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
381 </para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
382 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
383 </directive> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
384 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
385 |
1429
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
386 <directive name="ssl_trusted_certificate"> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
387 <syntax><value>file</value></syntax> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
388 <default/> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
389 <context>mail</context> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
390 <context>server</context> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
391 <appeared-in>1.7.11</appeared-in> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
392 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
393 <para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
394 Specifies a <value>file</value> with trusted CA certificates in the PEM format |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
395 used to <link id="ssl_verify_client">verify</link> client certificates. |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
396 </para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
397 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
398 <para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
399 In contrast to the certificate set by <link id="ssl_client_certificate"/>, |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
400 the list of these certificates will not be sent to clients. |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
401 </para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
402 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
403 </directive> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
404 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
405 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
406 <directive name="ssl_verify_client"> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
407 <syntax> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
408 <literal>on</literal> | <literal>off</literal> | |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
409 <literal>optional</literal> | <literal>optional_no_ca</literal></syntax> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
410 <default>off</default> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
411 <context>mail</context> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
412 <context>server</context> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
413 <appeared-in>1.7.11</appeared-in> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
414 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
415 <para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
416 Enables verification of client certificates. |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
417 The verification result is passed in the |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
418 <header>Auth-SSL-Verify</header> header of the |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
419 <link doc="ngx_mail_auth_http_module.xml" id="auth_http">authentication</link> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
420 request. |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
421 </para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
422 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
423 <para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
424 The <literal>optional</literal> parameter requests the client |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
425 certificate and verifies it if the certificate is present. |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
426 </para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
427 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
428 <para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
429 The <literal>optional_no_ca</literal> parameter |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
430 requests the client |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
431 certificate but does not require it to be signed by a trusted CA certificate. |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
432 This is intended for the use in cases when a service that is external to nginx |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
433 performs the actual certificate verification. |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
434 The contents of the certificate is accessible through requests |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
435 <link doc="ngx_mail_auth_http_module.xml" |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
436 id="auth_http_pass_client_cert">sent</link> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
437 to the authentication server. |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
438 </para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
439 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
440 </directive> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
441 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
442 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
443 <directive name="ssl_verify_depth"> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
444 <syntax><value>number</value></syntax> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
445 <default>1</default> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
446 <context>mail</context> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
447 <context>server</context> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
448 <appeared-in>1.7.11</appeared-in> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
449 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
450 <para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
451 Sets the verification depth in the client certificates chain. |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
452 </para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
453 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
454 </directive> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
455 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
456 |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
457 <directive name="starttls"> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
458 <syntax> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
459 <literal>on</literal> | |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
460 <literal>off</literal> | |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
461 <literal>only</literal></syntax> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
462 <default>off</default> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
463 <context>mail</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
464 <context>server</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
465 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
466 <para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
467 <list type="tag"> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
468 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
469 <tag-name><literal>on</literal></tag-name> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
470 <tag-desc> |
966 | 471 allow usage of the <literal>STLS</literal> command for the POP3 |
472 and the <literal>STARTTLS</literal> command for the IMAP; | |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
473 </tag-desc> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
474 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
475 <tag-name><literal>off</literal></tag-name> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
476 <tag-desc> |
966 | 477 deny usage of the <literal>STLS</literal> |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
478 and <literal>STARTTLS</literal> commands; |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
479 </tag-desc> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
480 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
481 <tag-name><literal>only</literal></tag-name> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
482 <tag-desc> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
483 require preliminary TLS transition. |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
484 </tag-desc> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
485 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
486 </list> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
487 </para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
488 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
489 </directive> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
490 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
491 </section> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
492 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
493 </module> |