Mercurial > hg > nginx-site
annotate xml/ru/docs/mail/ngx_mail_ssl_module.xml @ 1429:06322891b4e3
Client certificate directives in mail_ssl_module and associates.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Sat, 28 Feb 2015 00:31:18 +0300 |
parents | 35d6ac64bf27 |
children | acba294382d6 |
rev | line source |
---|---|
630
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
1 <?xml version="1.0"?> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
2 |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
3 <!-- |
638 | 4 Copyright (C) 2006, 2007 Anton Yuzhaninov |
630
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
5 Copyright (C) Nginx, Inc. |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
6 --> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
7 |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
9 |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
10 <module name="Модуль ngx_mail_ssl_module" |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
11 link="/ru/docs/mail/ngx_mail_ssl_module.html" |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
12 lang="ru" |
1429
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
13 rev="5"> |
630
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
14 |
640
febc8a4ad739
Added the "summary" section to ngx_mail_ssl_module.
Ruslan Ermilov <ru@nginx.com>
parents:
638
diff
changeset
|
15 <section id="summary"> |
febc8a4ad739
Added the "summary" section to ngx_mail_ssl_module.
Ruslan Ermilov <ru@nginx.com>
parents:
638
diff
changeset
|
16 |
febc8a4ad739
Added the "summary" section to ngx_mail_ssl_module.
Ruslan Ermilov <ru@nginx.com>
parents:
638
diff
changeset
|
17 <para> |
febc8a4ad739
Added the "summary" section to ngx_mail_ssl_module.
Ruslan Ermilov <ru@nginx.com>
parents:
638
diff
changeset
|
18 Модуль <literal>ngx_mail_ssl_module</literal> обеспечивает работу |
febc8a4ad739
Added the "summary" section to ngx_mail_ssl_module.
Ruslan Ermilov <ru@nginx.com>
parents:
638
diff
changeset
|
19 почтового прокси-сервера по протоколу SSL/TLS. |
febc8a4ad739
Added the "summary" section to ngx_mail_ssl_module.
Ruslan Ermilov <ru@nginx.com>
parents:
638
diff
changeset
|
20 </para> |
febc8a4ad739
Added the "summary" section to ngx_mail_ssl_module.
Ruslan Ermilov <ru@nginx.com>
parents:
638
diff
changeset
|
21 |
febc8a4ad739
Added the "summary" section to ngx_mail_ssl_module.
Ruslan Ermilov <ru@nginx.com>
parents:
638
diff
changeset
|
22 <para> |
febc8a4ad739
Added the "summary" section to ngx_mail_ssl_module.
Ruslan Ermilov <ru@nginx.com>
parents:
638
diff
changeset
|
23 По умолчанию этот модуль не собирается, его сборку необходимо |
febc8a4ad739
Added the "summary" section to ngx_mail_ssl_module.
Ruslan Ermilov <ru@nginx.com>
parents:
638
diff
changeset
|
24 разрешить с помощью конфигурационного параметра |
febc8a4ad739
Added the "summary" section to ngx_mail_ssl_module.
Ruslan Ermilov <ru@nginx.com>
parents:
638
diff
changeset
|
25 <literal>--with-mail_ssl_module</literal>. |
febc8a4ad739
Added the "summary" section to ngx_mail_ssl_module.
Ruslan Ermilov <ru@nginx.com>
parents:
638
diff
changeset
|
26 <note> |
febc8a4ad739
Added the "summary" section to ngx_mail_ssl_module.
Ruslan Ermilov <ru@nginx.com>
parents:
638
diff
changeset
|
27 Для сборки и работы этого модуля нужна библиотека |
febc8a4ad739
Added the "summary" section to ngx_mail_ssl_module.
Ruslan Ermilov <ru@nginx.com>
parents:
638
diff
changeset
|
28 <link url="http://www.openssl.org">OpenSSL</link>. |
febc8a4ad739
Added the "summary" section to ngx_mail_ssl_module.
Ruslan Ermilov <ru@nginx.com>
parents:
638
diff
changeset
|
29 </note> |
febc8a4ad739
Added the "summary" section to ngx_mail_ssl_module.
Ruslan Ermilov <ru@nginx.com>
parents:
638
diff
changeset
|
30 </para> |
febc8a4ad739
Added the "summary" section to ngx_mail_ssl_module.
Ruslan Ermilov <ru@nginx.com>
parents:
638
diff
changeset
|
31 |
febc8a4ad739
Added the "summary" section to ngx_mail_ssl_module.
Ruslan Ermilov <ru@nginx.com>
parents:
638
diff
changeset
|
32 </section> |
febc8a4ad739
Added the "summary" section to ngx_mail_ssl_module.
Ruslan Ermilov <ru@nginx.com>
parents:
638
diff
changeset
|
33 |
febc8a4ad739
Added the "summary" section to ngx_mail_ssl_module.
Ruslan Ermilov <ru@nginx.com>
parents:
638
diff
changeset
|
34 |
630
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
35 <section id="directives" name="Директивы"> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
36 |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
37 <directive name="ssl"> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
38 <syntax><literal>on</literal> | <literal>off</literal></syntax> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
39 <default>off</default> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
40 <context>mail</context> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
41 <context>server</context> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
42 |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
43 <para> |
751
9c1ffd02f1b7
Removed "virtual" and HTTPS references from mail modules.
Vladimir Homutov <vl@nginx.com>
parents:
640
diff
changeset
|
44 Включает протокол SSL/TLS для данного сервера. |
630
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
45 </para> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
46 |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
47 </directive> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
48 |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
49 |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
50 <directive name="ssl_certificate"> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
51 <syntax><value>файл</value></syntax> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
52 <default/> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
53 <context>mail</context> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
54 <context>server</context> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
55 |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
56 <para> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
57 Указывает файл с сертификатом в формате PEM |
751
9c1ffd02f1b7
Removed "virtual" and HTTPS references from mail modules.
Vladimir Homutov <vl@nginx.com>
parents:
640
diff
changeset
|
58 для данного сервера. |
630
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
59 Если вместе с основным сертификатом нужно указать промежуточные, |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
60 то они должны находиться в этом же файле в следующем порядке — сначала |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
61 основной сертификат, а затем промежуточные. |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
62 В этом же файле может находиться секретный ключ в формате PEM. |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
63 </para> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
64 |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
65 </directive> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
66 |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
67 |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
68 <directive name="ssl_certificate_key"> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
69 <syntax><value>файл</value></syntax> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
70 <default/> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
71 <context>mail</context> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
72 <context>server</context> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
73 |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
74 <para> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
75 Указывает файл с секретным ключом в формате PEM |
751
9c1ffd02f1b7
Removed "virtual" and HTTPS references from mail modules.
Vladimir Homutov <vl@nginx.com>
parents:
640
diff
changeset
|
76 для данного сервера. |
630
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
77 </para> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
78 |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
79 </directive> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
80 |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
81 |
1266
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
82 <directive name="ssl_ciphers"> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
83 <syntax><value>шифры</value></syntax> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
84 <default>HIGH:!aNULL:!MD5</default> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
85 <context>mail</context> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
86 <context>server</context> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
87 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
88 <para> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
89 Описывает разрешённые шифры. |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
90 Шифры задаются в формате, поддерживаемом библиотекой |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
91 OpenSSL, например: |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
92 <example> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
93 ssl_ciphers ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
94 </example> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
95 </para> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
96 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
97 <para> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
98 Полный список можно посмотреть с помощью команды |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
99 “<command>openssl ciphers</command>”. |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
100 </para> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
101 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
102 <para> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
103 <note> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
104 В предыдущих версиях nginx по умолчанию использовались |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
105 <link doc="../http/configuring_https_servers.xml" id="compatibility">другие</link> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
106 шифры. |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
107 </note> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
108 </para> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
109 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
110 </directive> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
111 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
112 |
1429
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
113 <directive name="ssl_client_certificate"> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
114 <syntax><value>файл</value></syntax> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
115 <default/> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
116 <context>mail</context> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
117 <context>server</context> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
118 <appeared-in>1.7.11</appeared-in> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
119 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
120 <para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
121 Указывает <value>файл</value> с доверенными сертификатами CA в формате |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
122 PEM, которые используются для |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
123 <link id="ssl_verify_client">проверки</link> клиентских сертификатов. |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
124 </para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
125 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
126 <para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
127 Список сертификатов будет отправляться клиентам. |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
128 Если это нежелательно, можно воспользоваться директивой |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
129 <link id="ssl_trusted_certificate"/>. |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
130 </para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
131 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
132 </directive> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
133 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
134 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
135 <directive name="ssl_crl"> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
136 <syntax><value>файл</value></syntax> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
137 <default/> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
138 <context>mail</context> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
139 <context>server</context> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
140 <appeared-in>1.7.11</appeared-in> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
141 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
142 <para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
143 Указывает <value>файл</value> с отозванными сертификатами (CRL) |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
144 в формате PEM, используемыми для |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
145 <link id="ssl_verify_client">проверки</link> клиентских сертификатов. |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
146 </para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
147 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
148 </directive> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
149 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
150 |
1266
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
151 <directive name="ssl_dhparam"> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
152 <syntax><value>файл</value></syntax> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
153 <default/> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
154 <context>mail</context> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
155 <context>server</context> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
156 <appeared-in>0.7.2</appeared-in> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
157 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
158 <para> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
159 Указывает <value>файл</value> с параметрами для шифров с обменом EDH-ключами. |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
160 </para> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
161 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
162 </directive> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
163 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
164 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
165 <directive name="ssl_ecdh_curve"> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
166 <syntax><value>кривая</value></syntax> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
167 <default>prime256v1</default> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
168 <context>mail</context> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
169 <context>server</context> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
170 <appeared-in>1.1.0</appeared-in> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
171 <appeared-in>1.0.6</appeared-in> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
172 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
173 <para> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
174 Задаёт кривую для ECDHE-шифров. |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
175 </para> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
176 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
177 </directive> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
178 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
179 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
180 <directive name="ssl_password_file"> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
181 <syntax><value>файл</value></syntax> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
182 <default/> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
183 <context>mail</context> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
184 <context>server</context> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
185 <appeared-in>1.7.3</appeared-in> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
186 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
187 <para> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
188 Задаёт <value>файл</value> с паролями от |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
189 <link id="ssl_certificate_key">секретных ключей</link>, |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
190 где каждый пароль указан на отдельной строке. |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
191 Пароли применяются по очереди в момент загрузки ключа. |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
192 </para> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
193 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
194 <para> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
195 Пример: |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
196 <example> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
197 mail { |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
198 ssl_password_file /etc/keys/global.pass; |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
199 ... |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
200 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
201 server { |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
202 server_name mail1.example.com; |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
203 ssl_certificate_key /etc/keys/first.key; |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
204 } |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
205 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
206 server { |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
207 server_name mail2.example.com; |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
208 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
209 # вместо файла можно указать именованный канал |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
210 ssl_password_file /etc/keys/fifo; |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
211 ssl_certificate_key /etc/keys/second.key; |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
212 } |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
213 } |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
214 </example> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
215 </para> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
216 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
217 </directive> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
218 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
219 |
630
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
220 <directive name="ssl_prefer_server_ciphers"> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
221 <syntax><literal>on</literal> | <literal>off</literal></syntax> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
222 <default>off</default> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
223 <context>mail</context> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
224 <context>server</context> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
225 |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
226 <para> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
227 Указывает, чтобы при использовании протоколов SSLv3 и TLS |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
228 серверные шифры были более приоритетны, чем клиентские. |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
229 </para> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
230 |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
231 </directive> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
232 |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
233 |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
234 <directive name="ssl_protocols"> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
235 <syntax> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
236 [<literal>SSLv2</literal>] |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
237 [<literal>SSLv3</literal>] |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
238 [<literal>TLSv1</literal>] |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
239 [<literal>TLSv1.1</literal>] |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
240 [<literal>TLSv1.2</literal>]</syntax> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
241 <default>SSLv3 TLSv1 TLSv1.1 TLSv1.2</default> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
242 <context>mail</context> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
243 <context>server</context> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
244 |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
245 <para> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
246 Разрешает указанные протоколы. |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
247 Параметры <literal>TLSv1.1</literal> и <literal>TLSv1.2</literal> работают |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
248 только при использовании библиотеки OpenSSL версии 1.0.1 и выше. |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
249 <note> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
250 Параметры <literal>TLSv1.1</literal> и <literal>TLSv1.2</literal> поддерживаются |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
251 только начиная с версий 1.1.13 и 1.0.12, |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
252 поэтому при использовании OpenSSL версии 1.0.1 |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
253 и выше на старых версиях nginx эти протоколы работать будут, однако их нельзя |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
254 будет отключить. |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
255 </note> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
256 </para> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
257 |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
258 </directive> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
259 |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
260 |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
261 <directive name="ssl_session_cache"> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
262 <syntax> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
263 <literal>off</literal> | |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
264 <literal>none</literal> | |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
265 [<literal>builtin</literal>[:<value>размер</value>]] |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
266 [<literal>shared</literal>:<value>название</value>:<value>размер</value>]</syntax> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
267 <default>none</default> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
268 <context>mail</context> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
269 <context>server</context> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
270 |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
271 <para> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
272 Задаёт тип и размеры кэшей для хранения параметров сессий. |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
273 Тип кэша может быть следующим: |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
274 <list type="tag" compact="no"> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
275 |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
276 <tag-name><literal>off</literal></tag-name> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
277 <tag-desc> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
278 жёсткое запрещение использования кэша сессий: |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
279 nginx явно говорит клиенту, что сессии не могут использоваться повторно. |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
280 </tag-desc> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
281 |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
282 <tag-name><literal>none</literal></tag-name> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
283 <tag-desc> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
284 мягкое запрещение использования кэша сессий: |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
285 nginx говорит клиенту, что сессии могут использоваться повторно, но |
966 | 286 на самом деле не хранит параметры сессии в кэше. |
630
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
287 </tag-desc> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
288 |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
289 <tag-name><literal>builtin</literal></tag-name> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
290 <tag-desc> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
291 встроенный в OpenSSL кэш, используется в рамках только одного рабочего процесса. |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
292 Размер кэша задаётся в сессиях. |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
293 Если размер не задан, то он равен 20480 сессиям. |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
294 Использование встроенного кэша может вести к фрагментации памяти. |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
295 </tag-desc> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
296 |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
297 <tag-name><literal>shared</literal></tag-name> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
298 <tag-desc> |
966 | 299 кэш, разделяемый между всеми рабочими процессами. |
630
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
300 Размер кэша задаётся в байтах, в 1 мегабайт может поместиться |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
301 около 4000 сессий. |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
302 У каждого разделяемого кэша должно быть произвольное название. |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
303 Кэш с одинаковым названием может использоваться в нескольких |
751
9c1ffd02f1b7
Removed "virtual" and HTTPS references from mail modules.
Vladimir Homutov <vl@nginx.com>
parents:
640
diff
changeset
|
304 серверах. |
630
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
305 </tag-desc> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
306 |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
307 </list> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
308 </para> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
309 |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
310 <para> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
311 Можно использовать одновременно оба типа кэша, например: |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
312 <example> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
313 ssl_session_cache builtin:1000 shared:SSL:10m; |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
314 </example> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
315 однако использование только разделяемого кэша без встроенного должно |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
316 быть более эффективным. |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
317 </para> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
318 |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
319 </directive> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
320 |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
321 |
1019
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
322 <directive name="ssl_session_ticket_key"> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
323 <syntax><value>файл</value></syntax> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
324 <default/> |
1020 | 325 <context>mail</context> |
1019
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
326 <context>server</context> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
327 <appeared-in>1.5.7</appeared-in> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
328 |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
329 <para> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
330 Задаёт <value>файл</value> с секретным ключом, применяемым при шифровании и |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
331 расшифровании TLS session tickets. |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
332 Директива необходима, если один и тот же ключ нужно использовать |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
333 на нескольких серверах. |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
334 По умолчанию используется случайно сгенерированный ключ. |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
335 </para> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
336 |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
337 <para> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
338 Если указано несколько ключей, то только первый ключ |
1020 | 339 используется для шифрования TLS session tickets. |
1019
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
340 Это позволяет настроить ротацию ключей, например: |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
341 <example> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
342 ssl_session_ticket_key current.key; |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
343 ssl_session_ticket_key previous.key; |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
344 </example> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
345 </para> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
346 |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
347 <para> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
348 <value>Файл</value> должен содержать 48 байт случайных данных и может быть |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
349 создан следующей командой: |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
350 <example> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
351 openssl rand 48 > ticket.key |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
352 </example> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
353 </para> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
354 |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
355 </directive> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
356 |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
357 |
1266
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
358 <directive name="ssl_session_tickets"> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
359 <syntax><literal>on</literal> | <literal>off</literal></syntax> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
360 <default>on</default> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
361 <context>mail</context> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
362 <context>server</context> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
363 <appeared-in>1.5.9</appeared-in> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
364 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
365 <para> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
366 Разрешает или запрещает возобновление сессий при помощи |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
367 <link url="http://tools.ietf.org/html/rfc5077">TLS session tickets</link>. |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
368 </para> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
369 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
370 </directive> |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
371 |
35d6ac64bf27
Documented five directives in the mail ssl module.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1020
diff
changeset
|
372 |
630
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
373 <directive name="ssl_session_timeout"> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
374 <syntax><value>время</value></syntax> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
375 <default>5m</default> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
376 <context>mail</context> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
377 <context>server</context> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
378 |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
379 <para> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
380 Задаёт время, в течение которого клиент может повторно |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
381 использовать параметры сессии, хранящейся в кэше. |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
382 </para> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
383 |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
384 </directive> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
385 |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
386 |
1429
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
387 <directive name="ssl_trusted_certificate"> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
388 <syntax><value>файл</value></syntax> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
389 <default/> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
390 <context>mail</context> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
391 <context>server</context> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
392 <appeared-in>1.7.11</appeared-in> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
393 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
394 <para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
395 Задаёт <value>файл</value> с доверенными сертификатами CA в формате PEM, |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
396 которые используются для |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
397 <link id="ssl_verify_client">проверки</link> клиентских сертификатов. |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
398 </para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
399 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
400 <para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
401 В отличие от <link id="ssl_client_certificate"/>, список этих сертификатов |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
402 не будет отправляться клиентам. |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
403 </para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
404 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
405 </directive> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
406 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
407 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
408 <directive name="ssl_verify_client"> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
409 <syntax> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
410 <literal>on</literal> | <literal>off</literal> | |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
411 <literal>optional</literal> | <literal>optional_no_ca</literal></syntax> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
412 <default>off</default> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
413 <context>mail</context> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
414 <context>server</context> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
415 <appeared-in>1.7.11</appeared-in> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
416 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
417 <para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
418 Разрешает проверку клиентских сертификатов. |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
419 Результат проверки передаётся в заголовке |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
420 <header>Auth-SSL-Verify</header> в запросе |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
421 <link doc="ngx_mail_auth_http_module.xml" id="auth_http">аутентификации</link>. |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
422 </para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
423 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
424 <para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
425 Параметр <literal>optional</literal> запрашивает клиентский |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
426 сертификат, и если сертификат был предоставлен, проверяет его. |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
427 </para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
428 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
429 <para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
430 Параметр <literal>optional_no_ca</literal> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
431 запрашивает сертификат |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
432 клиента, но не требует, чтобы он был подписан доверенным сертификатом CA. |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
433 Это предназначено для случаев, когда фактическая проверка сертификата |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
434 осуществляется внешним по отношению к nginx’у сервисом. |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
435 Содержимое сертификата доступно в запросах, |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
436 <link doc="ngx_mail_auth_http_module.xml" |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
437 id="auth_http_pass_client_cert">посылаемых</link> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
438 на сервер аутентификации. |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
439 </para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
440 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
441 </directive> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
442 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
443 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
444 <directive name="ssl_verify_depth"> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
445 <syntax><value>число</value></syntax> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
446 <default>1</default> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
447 <context>mail</context> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
448 <context>server</context> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
449 <appeared-in>1.7.11</appeared-in> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
450 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
451 <para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
452 Устанавливает глубину проверки в цепочке клиентских сертификатов. |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
453 </para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
454 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
455 </directive> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
456 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1266
diff
changeset
|
457 |
630
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
458 <directive name="starttls"> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
459 <syntax> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
460 <literal>on</literal> | |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
461 <literal>off</literal> | |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
462 <literal>only</literal></syntax> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
463 <default>off</default> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
464 <context>mail</context> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
465 <context>server</context> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
466 |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
467 <para> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
468 <list type="tag"> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
469 |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
470 <tag-name><literal>on</literal></tag-name> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
471 <tag-desc> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
472 разрешить использование команд <literal>STLS</literal> для POP3 |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
473 и <literal>STARTTLS</literal> для IMAP; |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
474 </tag-desc> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
475 |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
476 <tag-name><literal>off</literal></tag-name> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
477 <tag-desc> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
478 запретить использование команд <literal>STLS</literal> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
479 и <literal>STARTTLS</literal>; |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
480 </tag-desc> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
481 |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
482 <tag-name><literal>only</literal></tag-name> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
483 <tag-desc> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
484 требовать предварительного перехода на TLS. |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
485 </tag-desc> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
486 |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
487 </list> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
488 </para> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
489 |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
490 </directive> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
491 |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
492 </section> |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
493 |
a235ce0f8eef
Initial mail proxy server documentation in Russian.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
494 </module> |