nginx-site: xml/ru/docs/http/ngx_http_ssl

annotate xml/ru/docs/http/ngx_http_ssl_module.xml @ 2769:16f6fa718be2

Updated TLSv1.3 support notes. Previous notes described some early development snapshot of OpenSSL 1.1.1 with disabled TLSv1.3 by default. It was then enabled in the first alpha. Further, the updated text covers later major releases such as OpenSSL 3.0.

author	Sergey Kandaurov <pluknet@nginx.com>
date	Thu, 30 Sep 2021 16:29:20 +0300
parents	ff357b676c2e
children	d16409187314

rev	line source
222 bfe3eff81d04 Removed redundant encoding specification. Ruslan Ermilov <ru@nginx.com> parents: 110 diff changeset	1 <?xml version="1.0"?>
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	2
580 be54c443235a Added copyright markers to documentation sources. Ruslan Ermilov <ru@nginx.com> parents: 538 diff changeset	3 <!--
be54c443235a Added copyright markers to documentation sources. Ruslan Ermilov <ru@nginx.com> parents: 538 diff changeset	4 Copyright (C) Igor Sysoev
be54c443235a Added copyright markers to documentation sources. Ruslan Ermilov <ru@nginx.com> parents: 538 diff changeset	5 Copyright (C) Nginx, Inc.
be54c443235a Added copyright markers to documentation sources. Ruslan Ermilov <ru@nginx.com> parents: 538 diff changeset	6 -->
be54c443235a Added copyright markers to documentation sources. Ruslan Ermilov <ru@nginx.com> parents: 538 diff changeset	7
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd">
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	9
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	10 <module name="Модуль ngx_http_ssl_module"
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	11 link="/ru/docs/http/ngx_http_ssl_module.html"
589 764fbac1b8b4 Added document revision. Ruslan Ermilov <ru@nginx.com> parents: 580 diff changeset	12 lang="ru"
2769 16f6fa718be2 Updated TLSv1.3 support notes. Sergey Kandaurov <pluknet@nginx.com> parents: 2735 diff changeset	13 rev="54">
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	14
110 40eec261c2a6 Added proper support for anonymous sections, notably for the summary. Ruslan Ermilov <ru@nginx.com> parents: 106 diff changeset	15 <section id="summary">
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	16
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	17 <para>
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	18 Модуль <literal>ngx_http_ssl_module</literal> обеспечивает работу
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	19 по протоколу HTTPS.
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	20 </para>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	21
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	22 <para>
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	23 По умолчанию этот модуль не собирается, его сборку необходимо
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	24 разрешить с помощью конфигурационного параметра
271 4c6d2c614d2c Cleaned up XML tag mess: Ruslan Ermilov <ru@nginx.com> parents: 222 diff changeset	25 <literal>--with-http_ssl_module</literal>.
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	26 <note>
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	27 Для сборки и работы этого модуля нужна библиотека
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	28 <link url="http://www.openssl.org">OpenSSL</link>.
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	29 </note>
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	30 </para>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	31
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	32 </section>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	33
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	34
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	35 <section id="example" name="Пример конфигурации">
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	36
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	37 <para>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	38 Для уменьшения загрузки процессора рекомендуется
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	39 <list type="bullet">
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	40
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	41 <listitem>
2068 3d9e7993c201 Added links to directives in the example of ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 2040 diff changeset	42 установить число
3d9e7993c201 Added links to directives in the example of ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 2040 diff changeset	43 <link doc="../ngx_core_module.xml" id="worker_processes">рабочих процессов</link>
3d9e7993c201 Added links to directives in the example of ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 2040 diff changeset	44 равным числу процессоров,
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	45 </listitem>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	46
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	47 <listitem>
2068 3d9e7993c201 Added links to directives in the example of ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 2040 diff changeset	48 разрешить
3d9e7993c201 Added links to directives in the example of ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 2040 diff changeset	49 <link doc="ngx_http_core_module.xml" id="keepalive_timeout">keep-alive</link>
3d9e7993c201 Added links to directives in the example of ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 2040 diff changeset	50 соединения,
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	51 </listitem>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	52
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	53 <listitem>
2068 3d9e7993c201 Added links to directives in the example of ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 2040 diff changeset	54 включить <link id="ssl_session_cache_shared">разделяемый</link> кэш сессий,
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	55 </listitem>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	56
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	57 <listitem>
2068 3d9e7993c201 Added links to directives in the example of ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 2040 diff changeset	58 выключить <link id="ssl_session_cache_builtin">встроенный</link> кэш сессий
3d9e7993c201 Added links to directives in the example of ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 2040 diff changeset	59 </listitem>
3d9e7993c201 Added links to directives in the example of ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 2040 diff changeset	60
3d9e7993c201 Added links to directives in the example of ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 2040 diff changeset	61 <listitem>
3d9e7993c201 Added links to directives in the example of ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 2040 diff changeset	62 и, возможно, увеличить <link id="ssl_session_timeout">время жизни</link> сессии
3d9e7993c201 Added links to directives in the example of ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 2040 diff changeset	63 (по умолчанию 5 минут):
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	64 </listitem>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	65
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	66 </list>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	67
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	68 <example>
817 4fecf0715bbf Introducing "worker_processes auto" in SSL configuration examples. Andrei Belov <defan@nginx.com> parents: 801 diff changeset	69 <emphasis>worker_processes auto;</emphasis>
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	70
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	71 http {
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	72
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	73 ...
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	74
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	75 server {
801 b95a6d779c89 Documented that "listen ... ssl" is preferred over "ssl on". Ruslan Ermilov <ru@nginx.com> parents: 763 diff changeset	76 listen 443 ssl;
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	77 <emphasis>keepalive_timeout 70;</emphasis>
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	78
1411 8fe28c6edaa1 Removed SSLv3 from ssl_protocols parameters list as insecure example. Sergey Budnevitch <sb@waeme.net> parents: 1239 diff changeset	79 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	80 ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	81 ssl_certificate /usr/local/nginx/conf/cert.pem;
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	82 ssl_certificate_key /usr/local/nginx/conf/cert.key;
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	83 <emphasis>ssl_session_cache shared:SSL:10m;</emphasis>
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	84 <emphasis>ssl_session_timeout 10m;</emphasis>
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	85
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	86 ...
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	87 }
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	88 </example>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	89 </para>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	90
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	91 </section>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	92
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	93
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	94 <section id="directives" name="Директивы">
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	95
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	96 <directive name="ssl">
271 4c6d2c614d2c Cleaned up XML tag mess: Ruslan Ermilov <ru@nginx.com> parents: 222 diff changeset	97 <syntax><literal>on</literal> \| <literal>off</literal></syntax>
102 c76a257f3fd4 The directive name is now automatically printed in <default> and <syntax>. Ruslan Ermilov <ru@nginx.com> parents: 99 diff changeset	98 <default>off</default>
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	99 <context>http</context>
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	100 <context>server</context>
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	101
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	102 <para>
2168 3535437f97d2 Deprecated the "ssl" directive for http and mail. Yaroslav Zhuravlev <yar@nginx.com> parents: 2162 diff changeset	103 Эта директива устарела в версии 1.15.0.
3535437f97d2 Deprecated the "ssl" directive for http and mail. Yaroslav Zhuravlev <yar@nginx.com> parents: 2162 diff changeset	104 Вместо неё следует
3535437f97d2 Deprecated the "ssl" directive for http and mail. Yaroslav Zhuravlev <yar@nginx.com> parents: 2162 diff changeset	105 использовать параметр <literal>ssl</literal>
3535437f97d2 Deprecated the "ssl" directive for http and mail. Yaroslav Zhuravlev <yar@nginx.com> parents: 2162 diff changeset	106 директивы <link doc="ngx_http_core_module.xml" id="listen"/>.
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	107 </para>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	108
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	109 </directive>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	110
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	111
1039 f7ca80263893 Documented the "ssl_buffer_size" directive. Maxim Dounin <mdounin@mdounin.ru> parents: 1020 diff changeset	112 <directive name="ssl_buffer_size">
f7ca80263893 Documented the "ssl_buffer_size" directive. Maxim Dounin <mdounin@mdounin.ru> parents: 1020 diff changeset	113 <syntax><value>size</value></syntax>
f7ca80263893 Documented the "ssl_buffer_size" directive. Maxim Dounin <mdounin@mdounin.ru> parents: 1020 diff changeset	114 <default>16k</default>
f7ca80263893 Documented the "ssl_buffer_size" directive. Maxim Dounin <mdounin@mdounin.ru> parents: 1020 diff changeset	115 <context>http</context>
f7ca80263893 Documented the "ssl_buffer_size" directive. Maxim Dounin <mdounin@mdounin.ru> parents: 1020 diff changeset	116 <context>server</context>
f7ca80263893 Documented the "ssl_buffer_size" directive. Maxim Dounin <mdounin@mdounin.ru> parents: 1020 diff changeset	117 <appeared-in>1.5.9</appeared-in>
f7ca80263893 Documented the "ssl_buffer_size" directive. Maxim Dounin <mdounin@mdounin.ru> parents: 1020 diff changeset	118
f7ca80263893 Documented the "ssl_buffer_size" directive. Maxim Dounin <mdounin@mdounin.ru> parents: 1020 diff changeset	119 <para>
f7ca80263893 Documented the "ssl_buffer_size" directive. Maxim Dounin <mdounin@mdounin.ru> parents: 1020 diff changeset	120 Задаёт размер буфера, используемого при отправке данных.
f7ca80263893 Documented the "ssl_buffer_size" directive. Maxim Dounin <mdounin@mdounin.ru> parents: 1020 diff changeset	121 </para>
f7ca80263893 Documented the "ssl_buffer_size" directive. Maxim Dounin <mdounin@mdounin.ru> parents: 1020 diff changeset	122
f7ca80263893 Documented the "ssl_buffer_size" directive. Maxim Dounin <mdounin@mdounin.ru> parents: 1020 diff changeset	123 <para>
f7ca80263893 Documented the "ssl_buffer_size" directive. Maxim Dounin <mdounin@mdounin.ru> parents: 1020 diff changeset	124 По умолчанию размер буфера равен 16k, что соответствует минимальным
f7ca80263893 Documented the "ssl_buffer_size" directive. Maxim Dounin <mdounin@mdounin.ru> parents: 1020 diff changeset	125 накладным расходам при передаче больших ответов.
f7ca80263893 Documented the "ssl_buffer_size" directive. Maxim Dounin <mdounin@mdounin.ru> parents: 1020 diff changeset	126 С целью минимизации времени получения начала ответа (Time To First Byte)
f7ca80263893 Documented the "ssl_buffer_size" directive. Maxim Dounin <mdounin@mdounin.ru> parents: 1020 diff changeset	127 может быть полезно использовать меньшие значения,
f7ca80263893 Documented the "ssl_buffer_size" directive. Maxim Dounin <mdounin@mdounin.ru> parents: 1020 diff changeset	128 например:
f7ca80263893 Documented the "ssl_buffer_size" directive. Maxim Dounin <mdounin@mdounin.ru> parents: 1020 diff changeset	129 <example>
f7ca80263893 Documented the "ssl_buffer_size" directive. Maxim Dounin <mdounin@mdounin.ru> parents: 1020 diff changeset	130 ssl_buffer_size 4k;
f7ca80263893 Documented the "ssl_buffer_size" directive. Maxim Dounin <mdounin@mdounin.ru> parents: 1020 diff changeset	131 </example>
f7ca80263893 Documented the "ssl_buffer_size" directive. Maxim Dounin <mdounin@mdounin.ru> parents: 1020 diff changeset	132 </para>
f7ca80263893 Documented the "ssl_buffer_size" directive. Maxim Dounin <mdounin@mdounin.ru> parents: 1020 diff changeset	133
f7ca80263893 Documented the "ssl_buffer_size" directive. Maxim Dounin <mdounin@mdounin.ru> parents: 1020 diff changeset	134 </directive>
f7ca80263893 Documented the "ssl_buffer_size" directive. Maxim Dounin <mdounin@mdounin.ru> parents: 1020 diff changeset	135
f7ca80263893 Documented the "ssl_buffer_size" directive. Maxim Dounin <mdounin@mdounin.ru> parents: 1020 diff changeset	136
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	137 <directive name="ssl_certificate">
102 c76a257f3fd4 The directive name is now automatically printed in <default> and <syntax>. Ruslan Ermilov <ru@nginx.com> parents: 99 diff changeset	138 <syntax><value>файл</value></syntax>
99 1d315ef37215 The case <default/> is now language-agnostic. Ruslan Ermilov <ru@nginx.com> parents: 98 diff changeset	139 <default/>
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	140 <context>http</context>
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	141 <context>server</context>
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	142
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	143 <para>
715 3f25469cbc49 Highlighted 'file' parameters in the http_ssl_module directives. Vladimir Homutov <vl@nginx.com> parents: 713 diff changeset	144 Указывает <value>файл</value> с сертификатом в формате PEM
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	145 для данного виртуального сервера.
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	146 Если вместе с основным сертификатом нужно указать промежуточные,
713 1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	147 то они должны находиться в этом же файле в следующем порядке: сначала
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	148 основной сертификат, а затем промежуточные.
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	149 В этом же файле может находиться секретный ключ в формате PEM.
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	150 </para>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	151
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	152 <para>
1726 a0bc284941f6 Documented multiple certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 1725 diff changeset	153 Начиная с версии 1.11.0
a0bc284941f6 Documented multiple certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 1725 diff changeset	154 эта директива может быть указана несколько раз
a0bc284941f6 Documented multiple certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 1725 diff changeset	155 для загрузки сертификатов разных типов, например RSA и ECDSA:
a0bc284941f6 Documented multiple certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 1725 diff changeset	156 <example>
a0bc284941f6 Documented multiple certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 1725 diff changeset	157 server {
a0bc284941f6 Documented multiple certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 1725 diff changeset	158 listen 443 ssl;
a0bc284941f6 Documented multiple certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 1725 diff changeset	159 server_name example.com;
a0bc284941f6 Documented multiple certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 1725 diff changeset	160
a0bc284941f6 Documented multiple certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 1725 diff changeset	161 ssl_certificate example.com.rsa.crt;
a0bc284941f6 Documented multiple certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 1725 diff changeset	162 ssl_certificate_key example.com.rsa.key;
a0bc284941f6 Documented multiple certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 1725 diff changeset	163
a0bc284941f6 Documented multiple certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 1725 diff changeset	164 ssl_certificate example.com.ecdsa.crt;
a0bc284941f6 Documented multiple certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 1725 diff changeset	165 ssl_certificate_key example.com.ecdsa.key;
a0bc284941f6 Documented multiple certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 1725 diff changeset	166
a0bc284941f6 Documented multiple certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 1725 diff changeset	167 ...
a0bc284941f6 Documented multiple certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 1725 diff changeset	168 }
a0bc284941f6 Documented multiple certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 1725 diff changeset	169 </example>
a0bc284941f6 Documented multiple certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 1725 diff changeset	170 <note>
a0bc284941f6 Documented multiple certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 1725 diff changeset	171 Возможность задавать отдельные
a0bc284941f6 Documented multiple certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 1725 diff changeset	172 <link doc="configuring_https_servers.xml" id="chains">цепочки
a0bc284941f6 Documented multiple certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 1725 diff changeset	173 сертификатов</link>
a0bc284941f6 Documented multiple certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 1725 diff changeset	174 для разных сертификатов есть только в OpenSSL 1.0.2 и выше.
a0bc284941f6 Documented multiple certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 1725 diff changeset	175 Для более старых версий следует указывать только одну цепочку сертификатов.
a0bc284941f6 Documented multiple certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 1725 diff changeset	176 </note>
a0bc284941f6 Documented multiple certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 1725 diff changeset	177 </para>
a0bc284941f6 Documented multiple certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 1725 diff changeset	178
a0bc284941f6 Documented multiple certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 1725 diff changeset	179 <para>
2334 dbe55598d3f6 Added variables support in ssl_certificate and ssl_certificate_key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2296 diff changeset	180 Начиная с версии 1.15.9 в имени файла можно использовать переменные
dbe55598d3f6 Added variables support in ssl_certificate and ssl_certificate_key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2296 diff changeset	181 при использовании OpenSSL 1.0.2 и выше:
dbe55598d3f6 Added variables support in ssl_certificate and ssl_certificate_key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2296 diff changeset	182 <example>
dbe55598d3f6 Added variables support in ssl_certificate and ssl_certificate_key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2296 diff changeset	183 ssl_certificate $ssl_server_name.crt;
dbe55598d3f6 Added variables support in ssl_certificate and ssl_certificate_key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2296 diff changeset	184 ssl_certificate_key $ssl_server_name.key;
dbe55598d3f6 Added variables support in ssl_certificate and ssl_certificate_key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2296 diff changeset	185 </example>
dbe55598d3f6 Added variables support in ssl_certificate and ssl_certificate_key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2296 diff changeset	186 Однако нужно учитывать, что при использовании переменных
dbe55598d3f6 Added variables support in ssl_certificate and ssl_certificate_key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2296 diff changeset	187 сертификат загружается при каждой операции SSL handshake,
dbe55598d3f6 Added variables support in ssl_certificate and ssl_certificate_key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2296 diff changeset	188 что может отрицательно влиять на производительность.
dbe55598d3f6 Added variables support in ssl_certificate and ssl_certificate_key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2296 diff changeset	189 </para>
dbe55598d3f6 Added variables support in ssl_certificate and ssl_certificate_key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2296 diff changeset	190
2350 8e35f3af574b Documented the "data:" syntax for ssl_certificate and key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2334 diff changeset	191 <para id="ssl_certificate_data">
8e35f3af574b Documented the "data:" syntax for ssl_certificate and key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2334 diff changeset	192 Вместо <value>файла</value> можно указать значение
8e35f3af574b Documented the "data:" syntax for ssl_certificate and key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2334 diff changeset	193 <literal>data</literal>:<value>$переменная</value> (1.15.10),
8e35f3af574b Documented the "data:" syntax for ssl_certificate and key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2334 diff changeset	194 при котором сертификат загружается из переменной
8e35f3af574b Documented the "data:" syntax for ssl_certificate and key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2334 diff changeset	195 без использования промежуточных файлов.
8e35f3af574b Documented the "data:" syntax for ssl_certificate and key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2334 diff changeset	196 При этом следует учитывать, что ненадлежащее использование
8e35f3af574b Documented the "data:" syntax for ssl_certificate and key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2334 diff changeset	197 подобного синтаксиса может быть небезопасно,
8e35f3af574b Documented the "data:" syntax for ssl_certificate and key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2334 diff changeset	198 например данные секретного ключа могут попасть в
8e35f3af574b Documented the "data:" syntax for ssl_certificate and key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2334 diff changeset	199 <link doc="../ngx_core_module.xml" id="error_log">лог ошибок</link>.
8e35f3af574b Documented the "data:" syntax for ssl_certificate and key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2334 diff changeset	200 </para>
8e35f3af574b Documented the "data:" syntax for ssl_certificate and key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2334 diff changeset	201
2334 dbe55598d3f6 Added variables support in ssl_certificate and ssl_certificate_key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2296 diff changeset	202 <para>
280 cbb789d3ce5e Fixed grammar error. Ruslan Ermilov <ru@nginx.com> parents: 271 diff changeset	203 Нужно иметь в виду, что из-за ограничения протокола HTTPS
2040 093855e77388 Updated info about SNI. Yaroslav Zhuravlev <yar@nginx.com> parents: 2027 diff changeset	204 для максимальной совместимости виртуальные серверы должны слушать на
093855e77388 Updated info about SNI. Yaroslav Zhuravlev <yar@nginx.com> parents: 2027 diff changeset	205 <link doc="configuring_https_servers.xml" id="name_based_https_servers">разных
093855e77388 Updated info about SNI. Yaroslav Zhuravlev <yar@nginx.com> parents: 2027 diff changeset	206 IP-адресах</link>.
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	207 </para>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	208
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	209 </directive>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	210
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	211
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	212 <directive name="ssl_certificate_key">
102 c76a257f3fd4 The directive name is now automatically printed in <default> and <syntax>. Ruslan Ermilov <ru@nginx.com> parents: 99 diff changeset	213 <syntax><value>файл</value></syntax>
99 1d315ef37215 The case <default/> is now language-agnostic. Ruslan Ermilov <ru@nginx.com> parents: 98 diff changeset	214 <default/>
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	215 <context>http</context>
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	216 <context>server</context>
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	217
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	218 <para>
715 3f25469cbc49 Highlighted 'file' parameters in the http_ssl_module directives. Vladimir Homutov <vl@nginx.com> parents: 713 diff changeset	219 Указывает <value>файл</value> с секретным ключом в формате PEM
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	220 для данного виртуального сервера.
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	221 </para>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	222
1456 acba294382d6 Documented engine support in ssl_certificate_key and friends. Yaroslav Zhuravlev <yar@nginx.com> parents: 1428 diff changeset	223 <para>
acba294382d6 Documented engine support in ssl_certificate_key and friends. Yaroslav Zhuravlev <yar@nginx.com> parents: 1428 diff changeset	224 Вместо <value>файла</value> можно указать значение
acba294382d6 Documented engine support in ssl_certificate_key and friends. Yaroslav Zhuravlev <yar@nginx.com> parents: 1428 diff changeset	225 <literal>engine</literal>:<value>имя</value>:<value>id</value> (1.7.9),
acba294382d6 Documented engine support in ssl_certificate_key and friends. Yaroslav Zhuravlev <yar@nginx.com> parents: 1428 diff changeset	226 которое загружает ключ с указанным <value>id</value>
acba294382d6 Documented engine support in ssl_certificate_key and friends. Yaroslav Zhuravlev <yar@nginx.com> parents: 1428 diff changeset	227 из OpenSSL engine с заданным <value>именем</value>.
acba294382d6 Documented engine support in ssl_certificate_key and friends. Yaroslav Zhuravlev <yar@nginx.com> parents: 1428 diff changeset	228 </para>
acba294382d6 Documented engine support in ssl_certificate_key and friends. Yaroslav Zhuravlev <yar@nginx.com> parents: 1428 diff changeset	229
2350 8e35f3af574b Documented the "data:" syntax for ssl_certificate and key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2334 diff changeset	230 <para id="ssl_certificate_key_data">
8e35f3af574b Documented the "data:" syntax for ssl_certificate and key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2334 diff changeset	231 Вместо <value>файла</value> можно указать значение
8e35f3af574b Documented the "data:" syntax for ssl_certificate and key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2334 diff changeset	232 <literal>data</literal>:<value>$переменная</value> (1.15.10),
8e35f3af574b Documented the "data:" syntax for ssl_certificate and key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2334 diff changeset	233 при котором секретный ключ загружается из переменной
8e35f3af574b Documented the "data:" syntax for ssl_certificate and key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2334 diff changeset	234 без использования промежуточных файлов.
8e35f3af574b Documented the "data:" syntax for ssl_certificate and key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2334 diff changeset	235 При этом следует учитывать, что ненадлежащее использование
8e35f3af574b Documented the "data:" syntax for ssl_certificate and key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2334 diff changeset	236 подобного синтаксиса может быть небезопасно,
8e35f3af574b Documented the "data:" syntax for ssl_certificate and key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2334 diff changeset	237 например данные секретного ключа могут попасть в
8e35f3af574b Documented the "data:" syntax for ssl_certificate and key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2334 diff changeset	238 <link doc="../ngx_core_module.xml" id="error_log">лог ошибок</link>.
8e35f3af574b Documented the "data:" syntax for ssl_certificate and key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2334 diff changeset	239 </para>
8e35f3af574b Documented the "data:" syntax for ssl_certificate and key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2334 diff changeset	240
2334 dbe55598d3f6 Added variables support in ssl_certificate and ssl_certificate_key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2296 diff changeset	241 <para>
dbe55598d3f6 Added variables support in ssl_certificate and ssl_certificate_key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2296 diff changeset	242 Начиная с версии 1.15.9 в имени файла можно использовать переменные
dbe55598d3f6 Added variables support in ssl_certificate and ssl_certificate_key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2296 diff changeset	243 при использовании OpenSSL 1.0.2 и выше.
dbe55598d3f6 Added variables support in ssl_certificate and ssl_certificate_key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2296 diff changeset	244 </para>
dbe55598d3f6 Added variables support in ssl_certificate and ssl_certificate_key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2296 diff changeset	245
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	246 </directive>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	247
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	248
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	249 <directive name="ssl_ciphers">
102 c76a257f3fd4 The directive name is now automatically printed in <default> and <syntax>. Ruslan Ermilov <ru@nginx.com> parents: 99 diff changeset	250 <syntax><value>шифры</value></syntax>
538 58dd64aef626 Documented ciphers used by default in modern nginx versions (closes #177). Ruslan Ermilov <ru@nginx.com> parents: 393 diff changeset	251 <default>HIGH:!aNULL:!MD5</default>
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	252 <context>http</context>
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	253 <context>server</context>
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	254
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	255 <para>
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	256 Описывает разрешённые шифры.
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	257 Шифры задаются в формате, поддерживаемом библиотекой
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	258 OpenSSL, например:
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	259 <example>
538 58dd64aef626 Documented ciphers used by default in modern nginx versions (closes #177). Ruslan Ermilov <ru@nginx.com> parents: 393 diff changeset	260 ssl_ciphers ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	261 </example>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	262 </para>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	263
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	264 <para>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	265 Полный список можно посмотреть с помощью команды
271 4c6d2c614d2c Cleaned up XML tag mess: Ruslan Ermilov <ru@nginx.com> parents: 222 diff changeset	266 “<command>openssl ciphers</command>”.
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	267 </para>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	268
538 58dd64aef626 Documented ciphers used by default in modern nginx versions (closes #177). Ruslan Ermilov <ru@nginx.com> parents: 393 diff changeset	269 <para>
58dd64aef626 Documented ciphers used by default in modern nginx versions (closes #177). Ruslan Ermilov <ru@nginx.com> parents: 393 diff changeset	270 <note>
58dd64aef626 Documented ciphers used by default in modern nginx versions (closes #177). Ruslan Ermilov <ru@nginx.com> parents: 393 diff changeset	271 В предыдущих версиях nginx по умолчанию использовались
58dd64aef626 Documented ciphers used by default in modern nginx versions (closes #177). Ruslan Ermilov <ru@nginx.com> parents: 393 diff changeset	272 <link doc="configuring_https_servers.xml" id="compatibility">другие</link>
58dd64aef626 Documented ciphers used by default in modern nginx versions (closes #177). Ruslan Ermilov <ru@nginx.com> parents: 393 diff changeset	273 шифры.
58dd64aef626 Documented ciphers used by default in modern nginx versions (closes #177). Ruslan Ermilov <ru@nginx.com> parents: 393 diff changeset	274 </note>
58dd64aef626 Documented ciphers used by default in modern nginx versions (closes #177). Ruslan Ermilov <ru@nginx.com> parents: 393 diff changeset	275 </para>
58dd64aef626 Documented ciphers used by default in modern nginx versions (closes #177). Ruslan Ermilov <ru@nginx.com> parents: 393 diff changeset	276
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	277 </directive>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	278
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	279
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	280 <directive name="ssl_client_certificate">
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	281 <syntax><value>файл</value></syntax>
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	282 <default/>
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	283 <context>http</context>
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	284 <context>server</context>
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	285
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	286 <para>
715 3f25469cbc49 Highlighted 'file' parameters in the http_ssl_module directives. Vladimir Homutov <vl@nginx.com> parents: 713 diff changeset	287 Указывает <value>файл</value> с доверенными сертификатами CA в формате
1428 933831d7bf0b Link to "ssl_verify_client" from client certificate directives. Sergey Kandaurov <pluknet@nginx.com> parents: 1411 diff changeset	288 PEM, которые используются для
933831d7bf0b Link to "ssl_verify_client" from client certificate directives. Sergey Kandaurov <pluknet@nginx.com> parents: 1411 diff changeset	289 <link id="ssl_verify_client">проверки</link> клиентских сертификатов и
713 1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	290 ответов OCSP, если включён <link id="ssl_stapling"/>.
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	291 </para>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	292
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	293 <para>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	294 Список сертификатов будет отправляться клиентам.
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	295 Если это нежелательно, можно воспользоваться директивой
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	296 <link id="ssl_trusted_certificate"/>.
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	297 </para>
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	298
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	299 </directive>
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	300
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	301
2616 d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2548 diff changeset	302 <directive name="ssl_conf_command">
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2548 diff changeset	303 <syntax><value>command</value></syntax>
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2548 diff changeset	304 <default/>
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2548 diff changeset	305 <context>http</context>
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2548 diff changeset	306 <context>server</context>
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2548 diff changeset	307 <appeared-in>1.19.4</appeared-in>
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2548 diff changeset	308
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2548 diff changeset	309 <para>
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2548 diff changeset	310 Задаёт произвольные конфигурационные
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2548 diff changeset	311 <link url="https://www.openssl.org/docs/man1.1.1/man3/SSL_CONF_cmd.html">команды</link>
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2548 diff changeset	312 OpenSSL.
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2548 diff changeset	313 <note>
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2548 diff changeset	314 Директива поддерживается при использовании OpenSSL 1.0.2 и выше.
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2548 diff changeset	315 </note>
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2548 diff changeset	316 </para>
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2548 diff changeset	317
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2548 diff changeset	318 <para>
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2548 diff changeset	319 На одном уровне может быть указано
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2548 diff changeset	320 несколько директив <literal>ssl_conf_command</literal>:
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2548 diff changeset	321 <example>
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2548 diff changeset	322 ssl_conf_command Options PrioritizeChaCha;
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2548 diff changeset	323 ssl_conf_command Ciphersuites TLS_CHACHA20_POLY1305_SHA256;
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2548 diff changeset	324 </example>
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2548 diff changeset	325 Директивы наследуются с предыдущего уровня конфигурации при условии, что
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2548 diff changeset	326 на данном уровне не описаны свои директивы <literal>ssl_conf_command</literal>.
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2548 diff changeset	327 </para>
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2548 diff changeset	328
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2548 diff changeset	329 <para>
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2548 diff changeset	330 <note>
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2548 diff changeset	331 Следует учитывать, что изменение настроек OpenSSL напрямую
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2548 diff changeset	332 может привести к неожиданному поведению.
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2548 diff changeset	333 </note>
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2548 diff changeset	334 </para>
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2548 diff changeset	335
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2548 diff changeset	336 </directive>
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2548 diff changeset	337
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2548 diff changeset	338
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	339 <directive name="ssl_crl">
102 c76a257f3fd4 The directive name is now automatically printed in <default> and <syntax>. Ruslan Ermilov <ru@nginx.com> parents: 99 diff changeset	340 <syntax><value>файл</value></syntax>
99 1d315ef37215 The case <default/> is now language-agnostic. Ruslan Ermilov <ru@nginx.com> parents: 98 diff changeset	341 <default/>
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	342 <context>http</context>
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	343 <context>server</context>
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	344 <appeared-in>0.8.7</appeared-in>
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	345
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	346 <para>
715 3f25469cbc49 Highlighted 'file' parameters in the http_ssl_module directives. Vladimir Homutov <vl@nginx.com> parents: 713 diff changeset	347 Указывает <value>файл</value> с отозванными сертификатами (CRL)
1428 933831d7bf0b Link to "ssl_verify_client" from client certificate directives. Sergey Kandaurov <pluknet@nginx.com> parents: 1411 diff changeset	348 в формате PEM, используемыми для
933831d7bf0b Link to "ssl_verify_client" from client certificate directives. Sergey Kandaurov <pluknet@nginx.com> parents: 1411 diff changeset	349 <link id="ssl_verify_client">проверки</link> клиентских сертификатов.
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	350 </para>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	351
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	352 </directive>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	353
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	354
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	355 <directive name="ssl_dhparam">
102 c76a257f3fd4 The directive name is now automatically printed in <default> and <syntax>. Ruslan Ermilov <ru@nginx.com> parents: 99 diff changeset	356 <syntax><value>файл</value></syntax>
99 1d315ef37215 The case <default/> is now language-agnostic. Ruslan Ermilov <ru@nginx.com> parents: 98 diff changeset	357 <default/>
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	358 <context>http</context>
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	359 <context>server</context>
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	360 <appeared-in>0.7.2</appeared-in>
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	361
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	362 <para>
1706 6f5497797cde Changed "EDH ciphers" to "DHE ciphers". Maxim Dounin <mdounin@mdounin.ru> parents: 1522 diff changeset	363 Указывает <value>файл</value> с параметрами для DHE-шифров.
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	364 </para>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	365
2296 e2e71f9477a8 Added note about ssl_dhparam defaults. Sergey Kandaurov <pluknet@nginx.com> parents: 2241 diff changeset	366 <para>
e2e71f9477a8 Added note about ssl_dhparam defaults. Sergey Kandaurov <pluknet@nginx.com> parents: 2241 diff changeset	367 По умолчанию параметры не заданы,
e2e71f9477a8 Added note about ssl_dhparam defaults. Sergey Kandaurov <pluknet@nginx.com> parents: 2241 diff changeset	368 и соответственно DHE-шифры не будут использоваться.
e2e71f9477a8 Added note about ssl_dhparam defaults. Sergey Kandaurov <pluknet@nginx.com> parents: 2241 diff changeset	369 <note>
e2e71f9477a8 Added note about ssl_dhparam defaults. Sergey Kandaurov <pluknet@nginx.com> parents: 2241 diff changeset	370 До версии 1.11.0 по умолчанию использовались встроенные параметры.
e2e71f9477a8 Added note about ssl_dhparam defaults. Sergey Kandaurov <pluknet@nginx.com> parents: 2241 diff changeset	371 </note>
e2e71f9477a8 Added note about ssl_dhparam defaults. Sergey Kandaurov <pluknet@nginx.com> parents: 2241 diff changeset	372 </para>
e2e71f9477a8 Added note about ssl_dhparam defaults. Sergey Kandaurov <pluknet@nginx.com> parents: 2241 diff changeset	373
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	374 </directive>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	375
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	376
2219 f1e12641fc8a Documented TLS 1.3 early data. Yaroslav Zhuravlev <yar@nginx.com> parents: 2168 diff changeset	377 <directive name="ssl_early_data">
f1e12641fc8a Documented TLS 1.3 early data. Yaroslav Zhuravlev <yar@nginx.com> parents: 2168 diff changeset	378 <syntax><literal>on</literal> \| <literal>off</literal></syntax>
f1e12641fc8a Documented TLS 1.3 early data. Yaroslav Zhuravlev <yar@nginx.com> parents: 2168 diff changeset	379 <default>off</default>
f1e12641fc8a Documented TLS 1.3 early data. Yaroslav Zhuravlev <yar@nginx.com> parents: 2168 diff changeset	380 <context>http</context>
f1e12641fc8a Documented TLS 1.3 early data. Yaroslav Zhuravlev <yar@nginx.com> parents: 2168 diff changeset	381 <context>server</context>
f1e12641fc8a Documented TLS 1.3 early data. Yaroslav Zhuravlev <yar@nginx.com> parents: 2168 diff changeset	382 <appeared-in>1.15.3</appeared-in>
f1e12641fc8a Documented TLS 1.3 early data. Yaroslav Zhuravlev <yar@nginx.com> parents: 2168 diff changeset	383
f1e12641fc8a Documented TLS 1.3 early data. Yaroslav Zhuravlev <yar@nginx.com> parents: 2168 diff changeset	384 <para>
f1e12641fc8a Documented TLS 1.3 early data. Yaroslav Zhuravlev <yar@nginx.com> parents: 2168 diff changeset	385 Разрешает или запрещает TLS 1.3
f1e12641fc8a Documented TLS 1.3 early data. Yaroslav Zhuravlev <yar@nginx.com> parents: 2168 diff changeset	386 <link url="https://tools.ietf.org/html/rfc8446#section-2.3">early data</link>.
f1e12641fc8a Documented TLS 1.3 early data. Yaroslav Zhuravlev <yar@nginx.com> parents: 2168 diff changeset	387 <note>
f1e12641fc8a Documented TLS 1.3 early data. Yaroslav Zhuravlev <yar@nginx.com> parents: 2168 diff changeset	388 Запросы, отправленные внутри early data, могут быть подвержены
2238 0761b770a94e RFC8470. Sergey Kandaurov <pluknet@nginx.com> parents: 2234 diff changeset	389 <link url="https://tools.ietf.org/html/rfc8470">атакам повторного воспроизведения</link> (replay).
2234 20a189bdb15f Updated SSL early data documentation. Yaroslav Zhuravlev <yar@nginx.com> parents: 2219 diff changeset	390 Для защиты от подобных атак на уровне приложения
20a189bdb15f Updated SSL early data documentation. Yaroslav Zhuravlev <yar@nginx.com> parents: 2219 diff changeset	391 необходимо использовать
20a189bdb15f Updated SSL early data documentation. Yaroslav Zhuravlev <yar@nginx.com> parents: 2219 diff changeset	392 переменную <link id="var_ssl_early_data">$ssl_early_data</link>.
20a189bdb15f Updated SSL early data documentation. Yaroslav Zhuravlev <yar@nginx.com> parents: 2219 diff changeset	393 </note>
20a189bdb15f Updated SSL early data documentation. Yaroslav Zhuravlev <yar@nginx.com> parents: 2219 diff changeset	394
20a189bdb15f Updated SSL early data documentation. Yaroslav Zhuravlev <yar@nginx.com> parents: 2219 diff changeset	395 <example>
20a189bdb15f Updated SSL early data documentation. Yaroslav Zhuravlev <yar@nginx.com> parents: 2219 diff changeset	396 proxy_set_header Early-Data $ssl_early_data;
20a189bdb15f Updated SSL early data documentation. Yaroslav Zhuravlev <yar@nginx.com> parents: 2219 diff changeset	397 </example>
20a189bdb15f Updated SSL early data documentation. Yaroslav Zhuravlev <yar@nginx.com> parents: 2219 diff changeset	398
20a189bdb15f Updated SSL early data documentation. Yaroslav Zhuravlev <yar@nginx.com> parents: 2219 diff changeset	399 <note>
2241 b7ac730b96f3 Documented TLS 1.3 early data support with OpenSSL. Sergey Kandaurov <pluknet@nginx.com> parents: 2238 diff changeset	400 Директива поддерживается при использовании OpenSSL 1.1.1 и выше (1.15.4) или
2234 20a189bdb15f Updated SSL early data documentation. Yaroslav Zhuravlev <yar@nginx.com> parents: 2219 diff changeset	401 <link url="https://boringssl.googlesource.com/boringssl/">BoringSSL</link>.
2219 f1e12641fc8a Documented TLS 1.3 early data. Yaroslav Zhuravlev <yar@nginx.com> parents: 2168 diff changeset	402 </note>
f1e12641fc8a Documented TLS 1.3 early data. Yaroslav Zhuravlev <yar@nginx.com> parents: 2168 diff changeset	403 </para>
f1e12641fc8a Documented TLS 1.3 early data. Yaroslav Zhuravlev <yar@nginx.com> parents: 2168 diff changeset	404
f1e12641fc8a Documented TLS 1.3 early data. Yaroslav Zhuravlev <yar@nginx.com> parents: 2168 diff changeset	405 </directive>
f1e12641fc8a Documented TLS 1.3 early data. Yaroslav Zhuravlev <yar@nginx.com> parents: 2168 diff changeset	406
f1e12641fc8a Documented TLS 1.3 early data. Yaroslav Zhuravlev <yar@nginx.com> parents: 2168 diff changeset	407
1054 c5793e5c30d4 Documented the "ssl_ecdh_curve" directive. Maxim Dounin <mdounin@mdounin.ru> parents: 1039 diff changeset	408 <directive name="ssl_ecdh_curve">
c5793e5c30d4 Documented the "ssl_ecdh_curve" directive. Maxim Dounin <mdounin@mdounin.ru> parents: 1039 diff changeset	409 <syntax><value>кривая</value></syntax>
1711 38fb3e6b71e8 Documented ssl_ecdh_curve changes in 1.11.0. Maxim Dounin <mdounin@mdounin.ru> parents: 1706 diff changeset	410 <default>auto</default>
1054 c5793e5c30d4 Documented the "ssl_ecdh_curve" directive. Maxim Dounin <mdounin@mdounin.ru> parents: 1039 diff changeset	411 <context>http</context>
c5793e5c30d4 Documented the "ssl_ecdh_curve" directive. Maxim Dounin <mdounin@mdounin.ru> parents: 1039 diff changeset	412 <context>server</context>
c5793e5c30d4 Documented the "ssl_ecdh_curve" directive. Maxim Dounin <mdounin@mdounin.ru> parents: 1039 diff changeset	413 <appeared-in>1.1.0</appeared-in>
c5793e5c30d4 Documented the "ssl_ecdh_curve" directive. Maxim Dounin <mdounin@mdounin.ru> parents: 1039 diff changeset	414 <appeared-in>1.0.6</appeared-in>
c5793e5c30d4 Documented the "ssl_ecdh_curve" directive. Maxim Dounin <mdounin@mdounin.ru> parents: 1039 diff changeset	415
c5793e5c30d4 Documented the "ssl_ecdh_curve" directive. Maxim Dounin <mdounin@mdounin.ru> parents: 1039 diff changeset	416 <para>
c5793e5c30d4 Documented the "ssl_ecdh_curve" directive. Maxim Dounin <mdounin@mdounin.ru> parents: 1039 diff changeset	417 Задаёт кривую для ECDHE-шифров.
c5793e5c30d4 Documented the "ssl_ecdh_curve" directive. Maxim Dounin <mdounin@mdounin.ru> parents: 1039 diff changeset	418 </para>
c5793e5c30d4 Documented the "ssl_ecdh_curve" directive. Maxim Dounin <mdounin@mdounin.ru> parents: 1039 diff changeset	419
1711 38fb3e6b71e8 Documented ssl_ecdh_curve changes in 1.11.0. Maxim Dounin <mdounin@mdounin.ru> parents: 1706 diff changeset	420 <para>
38fb3e6b71e8 Documented ssl_ecdh_curve changes in 1.11.0. Maxim Dounin <mdounin@mdounin.ru> parents: 1706 diff changeset	421 При использовании OpenSSL 1.0.2 и выше
38fb3e6b71e8 Documented ssl_ecdh_curve changes in 1.11.0. Maxim Dounin <mdounin@mdounin.ru> parents: 1706 diff changeset	422 можно указывать несколько кривых (1.11.0), например:
38fb3e6b71e8 Documented ssl_ecdh_curve changes in 1.11.0. Maxim Dounin <mdounin@mdounin.ru> parents: 1706 diff changeset	423 <example>
38fb3e6b71e8 Documented ssl_ecdh_curve changes in 1.11.0. Maxim Dounin <mdounin@mdounin.ru> parents: 1706 diff changeset	424 ssl_ecdh_curve prime256v1:secp384r1;
38fb3e6b71e8 Documented ssl_ecdh_curve changes in 1.11.0. Maxim Dounin <mdounin@mdounin.ru> parents: 1706 diff changeset	425 </example>
38fb3e6b71e8 Documented ssl_ecdh_curve changes in 1.11.0. Maxim Dounin <mdounin@mdounin.ru> parents: 1706 diff changeset	426 </para>
38fb3e6b71e8 Documented ssl_ecdh_curve changes in 1.11.0. Maxim Dounin <mdounin@mdounin.ru> parents: 1706 diff changeset	427
38fb3e6b71e8 Documented ssl_ecdh_curve changes in 1.11.0. Maxim Dounin <mdounin@mdounin.ru> parents: 1706 diff changeset	428 <para>
38fb3e6b71e8 Documented ssl_ecdh_curve changes in 1.11.0. Maxim Dounin <mdounin@mdounin.ru> parents: 1706 diff changeset	429 Специальное значение <literal>auto</literal> (1.11.0) соответствует
38fb3e6b71e8 Documented ssl_ecdh_curve changes in 1.11.0. Maxim Dounin <mdounin@mdounin.ru> parents: 1706 diff changeset	430 встроенному в библиотеку OpenSSL списку кривых для OpenSSL 1.0.2 и выше,
38fb3e6b71e8 Documented ssl_ecdh_curve changes in 1.11.0. Maxim Dounin <mdounin@mdounin.ru> parents: 1706 diff changeset	431 или <literal>prime256v1</literal> для более старых версий.
38fb3e6b71e8 Documented ssl_ecdh_curve changes in 1.11.0. Maxim Dounin <mdounin@mdounin.ru> parents: 1706 diff changeset	432 </para>
38fb3e6b71e8 Documented ssl_ecdh_curve changes in 1.11.0. Maxim Dounin <mdounin@mdounin.ru> parents: 1706 diff changeset	433
38fb3e6b71e8 Documented ssl_ecdh_curve changes in 1.11.0. Maxim Dounin <mdounin@mdounin.ru> parents: 1706 diff changeset	434 <para>
38fb3e6b71e8 Documented ssl_ecdh_curve changes in 1.11.0. Maxim Dounin <mdounin@mdounin.ru> parents: 1706 diff changeset	435 <note>
38fb3e6b71e8 Documented ssl_ecdh_curve changes in 1.11.0. Maxim Dounin <mdounin@mdounin.ru> parents: 1706 diff changeset	436 До версии 1.11.0
38fb3e6b71e8 Documented ssl_ecdh_curve changes in 1.11.0. Maxim Dounin <mdounin@mdounin.ru> parents: 1706 diff changeset	437 по умолчанию использовалась кривая <literal>prime256v1</literal>.
38fb3e6b71e8 Documented ssl_ecdh_curve changes in 1.11.0. Maxim Dounin <mdounin@mdounin.ru> parents: 1706 diff changeset	438 </note>
38fb3e6b71e8 Documented ssl_ecdh_curve changes in 1.11.0. Maxim Dounin <mdounin@mdounin.ru> parents: 1706 diff changeset	439 </para>
38fb3e6b71e8 Documented ssl_ecdh_curve changes in 1.11.0. Maxim Dounin <mdounin@mdounin.ru> parents: 1706 diff changeset	440
2648 78161967514f Mentioned ECDSA in ssl_ecdh_curve. Yaroslav Zhuravlev <yar@nginx.com> parents: 2618 diff changeset	441 <para>
78161967514f Mentioned ECDSA in ssl_ecdh_curve. Yaroslav Zhuravlev <yar@nginx.com> parents: 2618 diff changeset	442 <note>
78161967514f Mentioned ECDSA in ssl_ecdh_curve. Yaroslav Zhuravlev <yar@nginx.com> parents: 2618 diff changeset	443 При использовании OpenSSL 1.0.2 и выше
78161967514f Mentioned ECDSA in ssl_ecdh_curve. Yaroslav Zhuravlev <yar@nginx.com> parents: 2618 diff changeset	444 директива задаёт список кривых, поддерживаемых сервером.
78161967514f Mentioned ECDSA in ssl_ecdh_curve. Yaroslav Zhuravlev <yar@nginx.com> parents: 2618 diff changeset	445 Поэтому для работы ECDSA-сертификатов
78161967514f Mentioned ECDSA in ssl_ecdh_curve. Yaroslav Zhuravlev <yar@nginx.com> parents: 2618 diff changeset	446 важно, чтобы список включал кривые, используемые в сертификатах.
78161967514f Mentioned ECDSA in ssl_ecdh_curve. Yaroslav Zhuravlev <yar@nginx.com> parents: 2618 diff changeset	447 </note>
78161967514f Mentioned ECDSA in ssl_ecdh_curve. Yaroslav Zhuravlev <yar@nginx.com> parents: 2618 diff changeset	448 </para>
78161967514f Mentioned ECDSA in ssl_ecdh_curve. Yaroslav Zhuravlev <yar@nginx.com> parents: 2618 diff changeset	449
1054 c5793e5c30d4 Documented the "ssl_ecdh_curve" directive. Maxim Dounin <mdounin@mdounin.ru> parents: 1039 diff changeset	450 </directive>
c5793e5c30d4 Documented the "ssl_ecdh_curve" directive. Maxim Dounin <mdounin@mdounin.ru> parents: 1039 diff changeset	451
2648 78161967514f Mentioned ECDSA in ssl_ecdh_curve. Yaroslav Zhuravlev <yar@nginx.com> parents: 2618 diff changeset	452
2548 ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	453 <directive name="ssl_ocsp">
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	454 <syntax><literal>on</literal> \|
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	455 <literal>off</literal> \|
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	456 <literal>leaf</literal></syntax>
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	457 <default>off</default>
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	458 <context>http</context>
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	459 <context>server</context>
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	460 <appeared-in>1.19.0</appeared-in>
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	461
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	462 <para>
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	463 Включает проверку OCSP для цепочки клиентских сертификатов.
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	464 Параметр <literal>leaf</literal>
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	465 включает проверку только клиентского сертификата.
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	466 </para>
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	467
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	468 <para>
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	469 Для работы проверки OCSP
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	470 необходимо дополнительно установить значение директивы
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	471 <link id="ssl_verify_client"/> в
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	472 <literal>on</literal> или <literal>optional</literal>.
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	473 </para>
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	474
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	475 <para>
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	476 Для преобразования имени хоста OCSP responder’а в адрес необходимо
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	477 дополнительно задать директиву
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	478 <link doc="ngx_http_core_module.xml" id="resolver"/>.
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	479 </para>
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	480
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	481 <para>
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	482 Пример:
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	483 <example>
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	484 ssl_verify_client on;
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	485 ssl_ocsp on;
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	486 resolver 192.0.2.1;
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	487 </example>
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	488 </para>
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	489
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	490 </directive>
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	491
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	492
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	493 <directive name="ssl_ocsp_cache">
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	494 <syntax>
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	495 <literal>off</literal> \|
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	496 [<literal>shared</literal>:<value>имя</value>:<value>размер</value>]</syntax>
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	497 <default>off</default>
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	498 <context>http</context>
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	499 <context>server</context>
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	500 <appeared-in>1.19.0</appeared-in>
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	501
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	502 <para>
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	503 Задаёт <literal>имя</literal> и <literal>размер</literal> кэша,
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	504 который хранит статус клиентских сертификатов для проверки OCSP-ответов.
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	505 Кэш разделяется между всеми рабочими процессами.
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	506 Кэш с одинаковым названием может использоваться в нескольких
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	507 виртуальных серверах.
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	508 </para>
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	509
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	510 <para>
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	511 Параметр <literal>off</literal> запрещает использование кэша.
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	512 </para>
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	513
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	514 </directive>
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	515
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	516
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	517 <directive name="ssl_ocsp_responder">
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	518 <syntax><value>url</value></syntax>
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	519 <default/>
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	520 <context>http</context>
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	521 <context>server</context>
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	522 <appeared-in>1.19.0</appeared-in>
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	523
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	524 <para>
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	525 Переопределяет URL OCSP responder’а, указанный в расширении сертификата
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	526 “<link url="https://tools.ietf.org/html/rfc5280#section-4.2.2.1">Authority
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	527 Information Access</link>”
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	528 для <link id="ssl_ocsp">проверки</link> клиентских сертификатов.
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	529 </para>
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	530
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	531 <para>
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	532 Поддерживаются только “<literal>http://</literal>” OCSP responder’ы:
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	533 <example>
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	534 ssl_ocsp_responder http://ocsp.example.com/;
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	535 </example>
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	536 </para>
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	537
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	538 </directive>
ffc4083f5c7e Documented ssl_ocsp, ssl_ocsp_cache, ssl_ocsp_responder directives. Yaroslav Zhuravlev <yar@nginx.com> parents: 2460 diff changeset	539
1054 c5793e5c30d4 Documented the "ssl_ecdh_curve" directive. Maxim Dounin <mdounin@mdounin.ru> parents: 1039 diff changeset	540
1239 35cf5dca5fa4 SSL: added the ssl_password_file directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1201 diff changeset	541 <directive name="ssl_password_file">
35cf5dca5fa4 SSL: added the ssl_password_file directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1201 diff changeset	542 <syntax><value>файл</value></syntax>
35cf5dca5fa4 SSL: added the ssl_password_file directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1201 diff changeset	543 <default/>
35cf5dca5fa4 SSL: added the ssl_password_file directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1201 diff changeset	544 <context>http</context>
35cf5dca5fa4 SSL: added the ssl_password_file directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1201 diff changeset	545 <context>server</context>
35cf5dca5fa4 SSL: added the ssl_password_file directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1201 diff changeset	546 <appeared-in>1.7.3</appeared-in>
35cf5dca5fa4 SSL: added the ssl_password_file directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1201 diff changeset	547
35cf5dca5fa4 SSL: added the ssl_password_file directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1201 diff changeset	548 <para>
35cf5dca5fa4 SSL: added the ssl_password_file directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1201 diff changeset	549 Задаёт <value>файл</value> с паролями от
35cf5dca5fa4 SSL: added the ssl_password_file directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1201 diff changeset	550 <link id="ssl_certificate_key">секретных ключей</link>,
35cf5dca5fa4 SSL: added the ssl_password_file directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1201 diff changeset	551 где каждый пароль указан на отдельной строке.
35cf5dca5fa4 SSL: added the ssl_password_file directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1201 diff changeset	552 Пароли применяются по очереди в момент загрузки ключа.
35cf5dca5fa4 SSL: added the ssl_password_file directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1201 diff changeset	553 </para>
35cf5dca5fa4 SSL: added the ssl_password_file directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1201 diff changeset	554
35cf5dca5fa4 SSL: added the ssl_password_file directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1201 diff changeset	555 <para>
35cf5dca5fa4 SSL: added the ssl_password_file directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1201 diff changeset	556 Пример:
35cf5dca5fa4 SSL: added the ssl_password_file directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1201 diff changeset	557 <example>
35cf5dca5fa4 SSL: added the ssl_password_file directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1201 diff changeset	558 http {
35cf5dca5fa4 SSL: added the ssl_password_file directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1201 diff changeset	559 ssl_password_file /etc/keys/global.pass;
35cf5dca5fa4 SSL: added the ssl_password_file directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1201 diff changeset	560 ...
35cf5dca5fa4 SSL: added the ssl_password_file directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1201 diff changeset	561
35cf5dca5fa4 SSL: added the ssl_password_file directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1201 diff changeset	562 server {
35cf5dca5fa4 SSL: added the ssl_password_file directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1201 diff changeset	563 server_name www1.example.com;
35cf5dca5fa4 SSL: added the ssl_password_file directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1201 diff changeset	564 ssl_certificate_key /etc/keys/first.key;
35cf5dca5fa4 SSL: added the ssl_password_file directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1201 diff changeset	565 }
35cf5dca5fa4 SSL: added the ssl_password_file directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1201 diff changeset	566
35cf5dca5fa4 SSL: added the ssl_password_file directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1201 diff changeset	567 server {
35cf5dca5fa4 SSL: added the ssl_password_file directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1201 diff changeset	568 server_name www2.example.com;
35cf5dca5fa4 SSL: added the ssl_password_file directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1201 diff changeset	569
35cf5dca5fa4 SSL: added the ssl_password_file directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1201 diff changeset	570 # вместо файла можно указать именованный канал
35cf5dca5fa4 SSL: added the ssl_password_file directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1201 diff changeset	571 ssl_password_file /etc/keys/fifo;
35cf5dca5fa4 SSL: added the ssl_password_file directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1201 diff changeset	572 ssl_certificate_key /etc/keys/second.key;
35cf5dca5fa4 SSL: added the ssl_password_file directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1201 diff changeset	573 }
35cf5dca5fa4 SSL: added the ssl_password_file directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1201 diff changeset	574 }
35cf5dca5fa4 SSL: added the ssl_password_file directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1201 diff changeset	575 </example>
35cf5dca5fa4 SSL: added the ssl_password_file directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1201 diff changeset	576 </para>
35cf5dca5fa4 SSL: added the ssl_password_file directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1201 diff changeset	577
35cf5dca5fa4 SSL: added the ssl_password_file directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1201 diff changeset	578 </directive>
35cf5dca5fa4 SSL: added the ssl_password_file directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1201 diff changeset	579
35cf5dca5fa4 SSL: added the ssl_password_file directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1201 diff changeset	580
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	581 <directive name="ssl_prefer_server_ciphers">
271 4c6d2c614d2c Cleaned up XML tag mess: Ruslan Ermilov <ru@nginx.com> parents: 222 diff changeset	582 <syntax><literal>on</literal> \| <literal>off</literal></syntax>
102 c76a257f3fd4 The directive name is now automatically printed in <default> and <syntax>. Ruslan Ermilov <ru@nginx.com> parents: 99 diff changeset	583 <default>off</default>
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	584 <context>http</context>
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	585 <context>server</context>
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	586
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	587 <para>
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	588 Указывает, чтобы при использовании протоколов SSLv3 и TLS
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	589 серверные шифры были более приоритетны, чем клиентские.
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	590 </para>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	591
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	592 </directive>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	593
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	594
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	595 <directive name="ssl_protocols">
314 95d5dc7c9884 Documented the new "TLSv1.1" and "TLSv1.2" parameters of the Ruslan Ermilov <ru@nginx.com> parents: 285 diff changeset	596 <syntax>
95d5dc7c9884 Documented the new "TLSv1.1" and "TLSv1.2" parameters of the Ruslan Ermilov <ru@nginx.com> parents: 285 diff changeset	597 [<literal>SSLv2</literal>]
95d5dc7c9884 Documented the new "TLSv1.1" and "TLSv1.2" parameters of the Ruslan Ermilov <ru@nginx.com> parents: 285 diff changeset	598 [<literal>SSLv3</literal>]
95d5dc7c9884 Documented the new "TLSv1.1" and "TLSv1.2" parameters of the Ruslan Ermilov <ru@nginx.com> parents: 285 diff changeset	599 [<literal>TLSv1</literal>]
95d5dc7c9884 Documented the new "TLSv1.1" and "TLSv1.2" parameters of the Ruslan Ermilov <ru@nginx.com> parents: 285 diff changeset	600 [<literal>TLSv1.1</literal>]
1978 8f1a568a8bbf Documented "TLSv1.3" parameter of the "ssl_protocols" directive. Sergey Kandaurov <pluknet@nginx.com> parents: 1923 diff changeset	601 [<literal>TLSv1.2</literal>]
8f1a568a8bbf Documented "TLSv1.3" parameter of the "ssl_protocols" directive. Sergey Kandaurov <pluknet@nginx.com> parents: 1923 diff changeset	602 [<literal>TLSv1.3</literal>]</syntax>
1499 3687cc9a3592 Removed SSLv3 from the default value of ssl_protocols and friends. Yaroslav Zhuravlev <yar@nginx.com> parents: 1456 diff changeset	603 <default>TLSv1 TLSv1.1 TLSv1.2</default>
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	604 <context>http</context>
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	605 <context>server</context>
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	606
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	607 <para>
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	608 Разрешает указанные протоколы.
314 95d5dc7c9884 Documented the new "TLSv1.1" and "TLSv1.2" parameters of the Ruslan Ermilov <ru@nginx.com> parents: 285 diff changeset	609 <note>
1978 8f1a568a8bbf Documented "TLSv1.3" parameter of the "ssl_protocols" directive. Sergey Kandaurov <pluknet@nginx.com> parents: 1923 diff changeset	610 Параметры <literal>TLSv1.1</literal> и <literal>TLSv1.2</literal>
8f1a568a8bbf Documented "TLSv1.3" parameter of the "ssl_protocols" directive. Sergey Kandaurov <pluknet@nginx.com> parents: 1923 diff changeset	611 (1.1.13, 1.0.12) работают только при использовании OpenSSL 1.0.1 и выше.
8f1a568a8bbf Documented "TLSv1.3" parameter of the "ssl_protocols" directive. Sergey Kandaurov <pluknet@nginx.com> parents: 1923 diff changeset	612 </note>
8f1a568a8bbf Documented "TLSv1.3" parameter of the "ssl_protocols" directive. Sergey Kandaurov <pluknet@nginx.com> parents: 1923 diff changeset	613 <note>
8f1a568a8bbf Documented "TLSv1.3" parameter of the "ssl_protocols" directive. Sergey Kandaurov <pluknet@nginx.com> parents: 1923 diff changeset	614 Параметр <literal>TLSv1.3</literal> (1.13.0) работает только
2769 16f6fa718be2 Updated TLSv1.3 support notes. Sergey Kandaurov <pluknet@nginx.com> parents: 2735 diff changeset	615 при использовании OpenSSL 1.1.1 и выше.
314 95d5dc7c9884 Documented the new "TLSv1.1" and "TLSv1.2" parameters of the Ruslan Ermilov <ru@nginx.com> parents: 285 diff changeset	616 </note>
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	617 </para>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	618
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	619 </directive>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	620
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	621
2618 0b98a81f196b Documented the ssl_reject_handshake directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2616 diff changeset	622 <directive name="ssl_reject_handshake">
0b98a81f196b Documented the ssl_reject_handshake directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2616 diff changeset	623 <syntax><literal>on</literal> \| <literal>off</literal></syntax>
0b98a81f196b Documented the ssl_reject_handshake directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2616 diff changeset	624 <default>off</default>
0b98a81f196b Documented the ssl_reject_handshake directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2616 diff changeset	625 <context>http</context>
0b98a81f196b Documented the ssl_reject_handshake directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2616 diff changeset	626 <context>server</context>
0b98a81f196b Documented the ssl_reject_handshake directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2616 diff changeset	627 <appeared-in>1.19.4</appeared-in>
0b98a81f196b Documented the ssl_reject_handshake directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2616 diff changeset	628
0b98a81f196b Documented the ssl_reject_handshake directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2616 diff changeset	629 <para>
0b98a81f196b Documented the ssl_reject_handshake directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2616 diff changeset	630 Если разрешено, то операции SSL handshake в
0b98a81f196b Documented the ssl_reject_handshake directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2616 diff changeset	631 блоке <link doc="ngx_http_core_module.xml" id="server"/> будут отклонены.
0b98a81f196b Documented the ssl_reject_handshake directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2616 diff changeset	632 </para>
0b98a81f196b Documented the ssl_reject_handshake directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2616 diff changeset	633
0b98a81f196b Documented the ssl_reject_handshake directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2616 diff changeset	634 <para>
0b98a81f196b Documented the ssl_reject_handshake directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2616 diff changeset	635 Например в этой конфигурации отклоняются все операции SSL handshake с
0b98a81f196b Documented the ssl_reject_handshake directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2616 diff changeset	636 именем сервера, отличным от <literal>example.com</literal>:
0b98a81f196b Documented the ssl_reject_handshake directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2616 diff changeset	637 <example>
0b98a81f196b Documented the ssl_reject_handshake directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2616 diff changeset	638 server {
2718 fb41de2d765a Added default_server to ssl_reject_handshake example. Yaroslav Zhuravlev <yar@nginx.com> parents: 2648 diff changeset	639 listen 443 ssl default_server;
2618 0b98a81f196b Documented the ssl_reject_handshake directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2616 diff changeset	640 ssl_reject_handshake on;
0b98a81f196b Documented the ssl_reject_handshake directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2616 diff changeset	641 }
0b98a81f196b Documented the ssl_reject_handshake directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2616 diff changeset	642
0b98a81f196b Documented the ssl_reject_handshake directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2616 diff changeset	643 server {
0b98a81f196b Documented the ssl_reject_handshake directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2616 diff changeset	644 listen 443 ssl;
0b98a81f196b Documented the ssl_reject_handshake directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2616 diff changeset	645 server_name example.com;
0b98a81f196b Documented the ssl_reject_handshake directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2616 diff changeset	646 ssl_certificate example.com.crt;
0b98a81f196b Documented the ssl_reject_handshake directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2616 diff changeset	647 ssl_certificate_key example.com.key;
0b98a81f196b Documented the ssl_reject_handshake directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2616 diff changeset	648 }
0b98a81f196b Documented the ssl_reject_handshake directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2616 diff changeset	649 </example>
0b98a81f196b Documented the ssl_reject_handshake directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2616 diff changeset	650 </para>
0b98a81f196b Documented the ssl_reject_handshake directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2616 diff changeset	651
0b98a81f196b Documented the ssl_reject_handshake directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2616 diff changeset	652 </directive>
0b98a81f196b Documented the ssl_reject_handshake directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2616 diff changeset	653
0b98a81f196b Documented the ssl_reject_handshake directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2616 diff changeset	654
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	655 <directive name="ssl_session_cache">
271 4c6d2c614d2c Cleaned up XML tag mess: Ruslan Ermilov <ru@nginx.com> parents: 222 diff changeset	656 <syntax>
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	657 <literal>off</literal> \|
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	658 <literal>none</literal> \|
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	659 [<literal>builtin</literal>[:<value>размер</value>]]
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	660 [<literal>shared</literal>:<value>название</value>:<value>размер</value>]</syntax>
102 c76a257f3fd4 The directive name is now automatically printed in <default> and <syntax>. Ruslan Ermilov <ru@nginx.com> parents: 99 diff changeset	661 <default>none</default>
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	662 <context>http</context>
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	663 <context>server</context>
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	664
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	665 <para>
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	666 Задаёт тип и размеры кэшей для хранения параметров сессий.
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	667 Тип кэша может быть следующим:
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	668 <list type="tag">
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	669
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	670 <tag-name><literal>off</literal></tag-name>
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	671 <tag-desc>
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	672 жёсткое запрещение использования кэша сессий:
1522 ee91c95fca48 Corrected Russian translation of the ssl_session_cache directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1499 diff changeset	673 nginx явно сообщает клиенту, что сессии не могут использоваться повторно.
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	674 </tag-desc>
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	675
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	676 <tag-name><literal>none</literal></tag-name>
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	677 <tag-desc>
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	678 мягкое запрещение использования кэша сессий:
1522 ee91c95fca48 Corrected Russian translation of the ssl_session_cache directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1499 diff changeset	679 nginx сообщает клиенту, что сессии могут использоваться повторно, но
966 95c3c3bbf1ce Text review. Egor Nikitin <yegor.nikitin@gmail.com> parents: 817 diff changeset	680 на самом деле не хранит параметры сессии в кэше.
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	681 </tag-desc>
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	682
2068 3d9e7993c201 Added links to directives in the example of ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 2040 diff changeset	683 <tag-name id="ssl_session_cache_builtin"><literal>builtin</literal></tag-name>
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	684 <tag-desc>
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	685 встроенный в OpenSSL кэш, используется в рамках только одного рабочего процесса.
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	686 Размер кэша задаётся в сессиях.
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	687 Если размер не задан, то он равен 20480 сессиям.
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	688 Использование встроенного кэша может вести к фрагментации памяти.
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	689 </tag-desc>
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	690
2068 3d9e7993c201 Added links to directives in the example of ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 2040 diff changeset	691 <tag-name id="ssl_session_cache_shared"><literal>shared</literal></tag-name>
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	692 <tag-desc>
966 95c3c3bbf1ce Text review. Egor Nikitin <yegor.nikitin@gmail.com> parents: 817 diff changeset	693 кэш, разделяемый между всеми рабочими процессами.
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	694 Размер кэша задаётся в байтах, в 1 мегабайт может поместиться
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	695 около 4000 сессий.
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	696 У каждого разделяемого кэша должно быть произвольное название.
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	697 Кэш с одинаковым названием может использоваться в нескольких
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	698 виртуальных серверах.
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	699 </tag-desc>
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	700
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	701 </list>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	702 </para>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	703
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	704 <para>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	705 Можно использовать одновременно оба типа кэша, например:
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	706 <example>
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	707 ssl_session_cache builtin:1000 shared:SSL:10m;
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	708 </example>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	709 однако использование только разделяемого кэша без встроенного должно
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	710 быть более эффективным.
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	711 </para>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	712
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	713 </directive>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	714
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	715
1019 2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	716 <directive name="ssl_session_ticket_key">
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	717 <syntax><value>файл</value></syntax>
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	718 <default/>
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	719 <context>http</context>
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	720 <context>server</context>
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	721 <appeared-in>1.5.7</appeared-in>
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	722
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	723 <para>
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	724 Задаёт <value>файл</value> с секретным ключом, применяемым при шифровании и
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	725 расшифровании TLS session tickets.
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	726 Директива необходима, если один и тот же ключ нужно использовать
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	727 на нескольких серверах.
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	728 По умолчанию используется случайно сгенерированный ключ.
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	729 </para>
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	730
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	731 <para>
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	732 Если указано несколько ключей, то только первый ключ
1020 00403cb3005a Fixed a typo. Vladimir Homutov <vl@nginx.com> parents: 1019 diff changeset	733 используется для шифрования TLS session tickets.
1019 2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	734 Это позволяет настроить ротацию ключей, например:
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	735 <example>
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	736 ssl_session_ticket_key current.key;
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	737 ssl_session_ticket_key previous.key;
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	738 </example>
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	739 </para>
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	740
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	741 <para>
1877 aa29a64a5e9d Documented ssl_session_ticket_key 80-byte keys. Maxim Dounin <mdounin@mdounin.ru> parents: 1871 diff changeset	742 <value>Файл</value> должен содержать 80 или 48 байт случайных данных
aa29a64a5e9d Documented ssl_session_ticket_key 80-byte keys. Maxim Dounin <mdounin@mdounin.ru> parents: 1871 diff changeset	743 и может быть создан следующей командой:
1019 2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	744 <example>
1877 aa29a64a5e9d Documented ssl_session_ticket_key 80-byte keys. Maxim Dounin <mdounin@mdounin.ru> parents: 1871 diff changeset	745 openssl rand 80 > ticket.key
1019 2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	746 </example>
2735 ff357b676c2e Removed trailing spaces. Maxim Dounin <mdounin@mdounin.ru> parents: 2718 diff changeset	747 В зависимости от размера файла для шифрования будет использоваться либо
1877 aa29a64a5e9d Documented ssl_session_ticket_key 80-byte keys. Maxim Dounin <mdounin@mdounin.ru> parents: 1871 diff changeset	748 AES256 (для 80-байтных ключей, 1.11.8), либо AES128 (для 48-байтных ключей).
1019 2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	749 </para>
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	750
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	751 </directive>
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	752
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	753
1055 e26a9f598e40 Documented the "ssl_session_tickets" directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1054 diff changeset	754 <directive name="ssl_session_tickets">
e26a9f598e40 Documented the "ssl_session_tickets" directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1054 diff changeset	755 <syntax><literal>on</literal> \| <literal>off</literal></syntax>
e26a9f598e40 Documented the "ssl_session_tickets" directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1054 diff changeset	756 <default>on</default>
e26a9f598e40 Documented the "ssl_session_tickets" directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1054 diff changeset	757 <context>http</context>
e26a9f598e40 Documented the "ssl_session_tickets" directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1054 diff changeset	758 <context>server</context>
e26a9f598e40 Documented the "ssl_session_tickets" directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1054 diff changeset	759 <appeared-in>1.5.9</appeared-in>
e26a9f598e40 Documented the "ssl_session_tickets" directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1054 diff changeset	760
e26a9f598e40 Documented the "ssl_session_tickets" directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1054 diff changeset	761 <para>
e26a9f598e40 Documented the "ssl_session_tickets" directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1054 diff changeset	762 Разрешает или запрещает возобновление сессий при помощи
1923 66a30a380fba Fixed links to tools.ietf.org. Ruslan Ermilov <ru@nginx.com> parents: 1877 diff changeset	763 <link url="https://tools.ietf.org/html/rfc5077">TLS session tickets</link>.
1055 e26a9f598e40 Documented the "ssl_session_tickets" directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1054 diff changeset	764 </para>
e26a9f598e40 Documented the "ssl_session_tickets" directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1054 diff changeset	765
e26a9f598e40 Documented the "ssl_session_tickets" directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1054 diff changeset	766 </directive>
e26a9f598e40 Documented the "ssl_session_tickets" directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1054 diff changeset	767
e26a9f598e40 Documented the "ssl_session_tickets" directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1054 diff changeset	768
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	769 <directive name="ssl_session_timeout">
102 c76a257f3fd4 The directive name is now automatically printed in <default> and <syntax>. Ruslan Ermilov <ru@nginx.com> parents: 99 diff changeset	770 <syntax><value>время</value></syntax>
c76a257f3fd4 The directive name is now automatically printed in <default> and <syntax>. Ruslan Ermilov <ru@nginx.com> parents: 99 diff changeset	771 <default>5m</default>
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	772 <context>http</context>
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	773 <context>server</context>
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	774
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	775 <para>
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	776 Задаёт время, в течение которого клиент может повторно
1785 3fa0944ddc6a Removed info about session cache from ssl_session_timeout. Yaroslav Zhuravlev <yar@nginx.com> parents: 1726 diff changeset	777 использовать параметры сессии.
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	778 </para>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	779
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	780 </directive>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	781
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	782
713 1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	783 <directive name="ssl_stapling">
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	784 <syntax><literal>on</literal> \| <literal>off</literal></syntax>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	785 <default>off</default>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	786 <context>http</context>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	787 <context>server</context>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	788 <appeared-in>1.3.7</appeared-in>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	789
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	790 <para>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	791 Разрешает или запрещает
2162 aa5d65fe4916 Updated link to TLS Certificate Status Request extension reference. Sergey Kandaurov <pluknet@nginx.com> parents: 2068 diff changeset	792 <link url="https://tools.ietf.org/html/rfc6066#section-8">прикрепление
713 1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	793 OCSP-ответов</link> сервером.
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	794 Пример:
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	795 <example>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	796 ssl_stapling on;
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	797 resolver 192.0.2.1;
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	798 </example>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	799 </para>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	800
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	801 <para>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	802 Для работы OCSP stapling’а должен быть известен сертификат издателя
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	803 сертификата сервера.
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	804 Если в заданном директивой <link id="ssl_certificate"/>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	805 файле не содержится промежуточных сертификатов,
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	806 то сертификат издателя сертификата сервера следует поместить в файл,
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	807 заданный директивой <link id="ssl_trusted_certificate"/>.
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	808 </para>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	809
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	810 <para>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	811 Для преобразования имени хоста OCSP responder’а в адрес необходимо
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	812 дополнительно задать директиву
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	813 <link doc="ngx_http_core_module.xml" id="resolver"/>.
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	814 </para>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	815
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	816 </directive>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	817
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	818
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	819 <directive name="ssl_stapling_file">
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	820 <syntax><value>файл</value></syntax>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	821 <default/>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	822 <context>http</context>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	823 <context>server</context>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	824 <appeared-in>1.3.7</appeared-in>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	825
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	826 <para>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	827 Если задано, то вместо опроса OCSP responder’а,
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	828 указанного в сертификате сервера,
715 3f25469cbc49 Highlighted 'file' parameters in the http_ssl_module directives. Vladimir Homutov <vl@nginx.com> parents: 713 diff changeset	829 ответ берётся из указанного <value>файла</value>.
713 1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	830 </para>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	831
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	832 <para>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	833 Ответ должен быть в формате DER и может быть сгенерирован командой
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	834 “<literal>openssl ocsp</literal>”.
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	835 </para>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	836
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	837 </directive>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	838
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	839
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	840 <directive name="ssl_stapling_responder">
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	841 <syntax><value>url</value></syntax>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	842 <default/>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	843 <context>http</context>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	844 <context>server</context>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	845 <appeared-in>1.3.7</appeared-in>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	846
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	847 <para>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	848 Переопределяет URL OCSP responder’а, указанный в расширении сертификата
1923 66a30a380fba Fixed links to tools.ietf.org. Ruslan Ermilov <ru@nginx.com> parents: 1877 diff changeset	849 “<link url="https://tools.ietf.org/html/rfc5280#section-4.2.2.1">Authority
713 1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	850 Information Access</link>”.
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	851 </para>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	852
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	853 <para>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	854 Поддерживаются только “<literal>http://</literal>” OCSP responder’ы:
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	855 <example>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	856 ssl_stapling_responder http://ocsp.example.com/;
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	857 </example>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	858 </para>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	859
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	860 </directive>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	861
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	862
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	863 <directive name="ssl_stapling_verify">
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	864 <syntax><literal>on</literal> \| <literal>off</literal></syntax>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	865 <default>off</default>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	866 <context>http</context>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	867 <context>server</context>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	868 <appeared-in>1.3.7</appeared-in>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	869
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	870 <para>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	871 Разрешает или запрещает проверку сервером ответов OCSP.
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	872 </para>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	873
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	874 <para>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	875 Для работоспособности проверки сертификат издателя сертификата сервера,
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	876 корневой сертификат и все промежуточные сертификаты должны быть указаны
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	877 как доверенные с помощью директивы
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	878 <link id="ssl_trusted_certificate"/>.
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	879 </para>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	880
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	881 </directive>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	882
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	883
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	884 <directive name="ssl_trusted_certificate">
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	885 <syntax><value>файл</value></syntax>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	886 <default/>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	887 <context>http</context>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	888 <context>server</context>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	889 <appeared-in>1.3.7</appeared-in>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	890
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	891 <para>
715 3f25469cbc49 Highlighted 'file' parameters in the http_ssl_module directives. Vladimir Homutov <vl@nginx.com> parents: 713 diff changeset	892 Задаёт <value>файл</value> с доверенными сертификатами CA в формате PEM,
1428 933831d7bf0b Link to "ssl_verify_client" from client certificate directives. Sergey Kandaurov <pluknet@nginx.com> parents: 1411 diff changeset	893 которые используются для <link id="ssl_verify_client">проверки</link>
933831d7bf0b Link to "ssl_verify_client" from client certificate directives. Sergey Kandaurov <pluknet@nginx.com> parents: 1411 diff changeset	894 клиентских сертификатов и ответов OCSP,
713 1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	895 если включён <link id="ssl_stapling"/>.
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	896 </para>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	897
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	898 <para>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	899 В отличие от <link id="ssl_client_certificate"/>, список этих сертификатов
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	900 не будет отправляться клиентам.
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	901 </para>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	902
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	903 </directive>
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	904
1de09d81acd1 Translated OCSP docs into Russian. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	905
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	906 <directive name="ssl_verify_client">
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	907 <syntax>
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	908 <literal>on</literal> \| <literal>off</literal> \|
717 c5facf2eff6f Documented the recently added "optional_no_ca" parameter of the Ruslan Ermilov <ru@nginx.com> parents: 715 diff changeset	909 <literal>optional</literal> \| <literal>optional_no_ca</literal></syntax>
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	910 <default>off</default>
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	911 <context>http</context>
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	912 <context>server</context>
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	913
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	914 <para>
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	915 Разрешает проверку клиентских сертификатов.
717 c5facf2eff6f Documented the recently added "optional_no_ca" parameter of the Ruslan Ermilov <ru@nginx.com> parents: 715 diff changeset	916 Результат проверки доступен через переменную
1871 5f156621b8b5 Added links to $ssl_client_verify and $ssl_client_cert. Yaroslav Zhuravlev <yar@nginx.com> parents: 1870 diff changeset	917 <link id="var_ssl_client_verify">$ssl_client_verify</link>.
717 c5facf2eff6f Documented the recently added "optional_no_ca" parameter of the Ruslan Ermilov <ru@nginx.com> parents: 715 diff changeset	918 </para>
c5facf2eff6f Documented the recently added "optional_no_ca" parameter of the Ruslan Ermilov <ru@nginx.com> parents: 715 diff changeset	919
c5facf2eff6f Documented the recently added "optional_no_ca" parameter of the Ruslan Ermilov <ru@nginx.com> parents: 715 diff changeset	920 <para>
c5facf2eff6f Documented the recently added "optional_no_ca" parameter of the Ruslan Ermilov <ru@nginx.com> parents: 715 diff changeset	921 Параметр <literal>optional</literal> (0.8.7+) запрашивает клиентский
c5facf2eff6f Documented the recently added "optional_no_ca" parameter of the Ruslan Ermilov <ru@nginx.com> parents: 715 diff changeset	922 сертификат, и если сертификат был предоставлен, проверяет его.
c5facf2eff6f Documented the recently added "optional_no_ca" parameter of the Ruslan Ermilov <ru@nginx.com> parents: 715 diff changeset	923 </para>
c5facf2eff6f Documented the recently added "optional_no_ca" parameter of the Ruslan Ermilov <ru@nginx.com> parents: 715 diff changeset	924
c5facf2eff6f Documented the recently added "optional_no_ca" parameter of the Ruslan Ermilov <ru@nginx.com> parents: 715 diff changeset	925 <para>
763 cd581dbdaf76 The "optional_no_ca" parameter of the "ssl_verify_client" directive Ruslan Ermilov <ru@nginx.com> parents: 717 diff changeset	926 Параметр <literal>optional_no_ca</literal> (1.3.8, 1.2.5)
cd581dbdaf76 The "optional_no_ca" parameter of the "ssl_verify_client" directive Ruslan Ermilov <ru@nginx.com> parents: 717 diff changeset	927 запрашивает сертификат
717 c5facf2eff6f Documented the recently added "optional_no_ca" parameter of the Ruslan Ermilov <ru@nginx.com> parents: 715 diff changeset	928 клиента, но не требует, чтобы он был подписан доверенным сертификатом CA.
c5facf2eff6f Documented the recently added "optional_no_ca" parameter of the Ruslan Ermilov <ru@nginx.com> parents: 715 diff changeset	929 Это предназначено для случаев, когда фактическая проверка сертификата
c5facf2eff6f Documented the recently added "optional_no_ca" parameter of the Ruslan Ermilov <ru@nginx.com> parents: 715 diff changeset	930 осуществляется внешним по отношению к nginx’у сервисом.
c5facf2eff6f Documented the recently added "optional_no_ca" parameter of the Ruslan Ermilov <ru@nginx.com> parents: 715 diff changeset	931 Содержимое сертификата доступно через переменную
1871 5f156621b8b5 Added links to $ssl_client_verify and $ssl_client_cert. Yaroslav Zhuravlev <yar@nginx.com> parents: 1870 diff changeset	932 <link id="var_ssl_client_cert">$ssl_client_cert</link>.
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	933 </para>
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	934
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	935 </directive>
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	936
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	937
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	938 <directive name="ssl_verify_depth">
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	939 <syntax><value>число</value></syntax>
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	940 <default>1</default>
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	941 <context>http</context>
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	942 <context>server</context>
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	943
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	944 <para>
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	945 Устанавливает глубину проверки в цепочке клиентских сертификатов.
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	946 </para>
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	947
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	948 </directive>
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	949
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	950 </section>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	951
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	952
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	953 <section id="errors" name="Обработка ошибок">
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	954
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	955 <para>
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	956 Модуль <literal>ngx_http_ssl_module</literal> поддерживает несколько
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	957 нестандартных кодов ошибок, которые можно использовать для
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	958 перенаправления с помощью директивы
106 56457a474903 If text of the link is not provided, the @id is used. Ruslan Ermilov <ru@nginx.com> parents: 102 diff changeset	959 <link doc="ngx_http_core_module.xml" id="error_page"/>:
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	960 <list type="tag">
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	961
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	962 <tag-name>495</tag-name>
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	963 <tag-desc>
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	964 при проверке клиентского сертификата произошла ошибка;
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	965 </tag-desc>
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	966
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	967 <tag-name>496</tag-name>
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	968 <tag-desc>
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	969 клиент не предоставил требуемый сертификат;
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	970 </tag-desc>
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	971
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	972 <tag-name>497</tag-name>
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	973 <tag-desc>
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	974 обычный запрос был послан на порт HTTPS.
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	975 </tag-desc>
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	976
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	977 </list>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	978 </para>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	979
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	980 <para>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	981 Перенаправление делается после того, как запрос полностью разобран
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	982 и доступны такие переменные, как <var>$request_uri</var>,
966 95c3c3bbf1ce Text review. Egor Nikitin <yegor.nikitin@gmail.com> parents: 817 diff changeset	983 <var>$uri</var>, <var>$args</var> и другие переменные.
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	984 </para>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	985
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	986 </section>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	987
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	988
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	989 <section id="variables" name="Встроенные переменные">
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	990
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	991 <para>
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	992 Модуль <literal>ngx_http_ssl_module</literal> поддерживает
2388 d323beea61ec An outdated adjective removed. Sergey Kandaurov <pluknet@nginx.com> parents: 2350 diff changeset	993 встроенные переменные:
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	994 <list type="tag">
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	995
1155 07402a11fd8d Assigned IDs to tags describing variables. Vladimir Homutov <vl@nginx.com> parents: 1072 diff changeset	996 <tag-name id="var_ssl_cipher"><var>$ssl_cipher</var></tag-name>
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	997 <tag-desc>
2460 c60a8a15010c Clarified description of the $ssl_cipher variable. Sergey Kandaurov <pluknet@nginx.com> parents: 2388 diff changeset	998 возвращает название используемого шифра для установленного SSL-соединения;
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	999 </tag-desc>
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1000
1857 0882ccb0c00f Documented the $ssl_curves and $ssl_ciphers variables. Yaroslav Zhuravlev <yar@nginx.com> parents: 1856 diff changeset	1001 <tag-name id="var_ssl_ciphers"><var>$ssl_ciphers</var></tag-name>
0882ccb0c00f Documented the $ssl_curves and $ssl_ciphers variables. Yaroslav Zhuravlev <yar@nginx.com> parents: 1856 diff changeset	1002 <tag-desc>
0882ccb0c00f Documented the $ssl_curves and $ssl_ciphers variables. Yaroslav Zhuravlev <yar@nginx.com> parents: 1856 diff changeset	1003 возвращает список шифров, поддерживаемых клиентом (1.11.7).
0882ccb0c00f Documented the $ssl_curves and $ssl_ciphers variables. Yaroslav Zhuravlev <yar@nginx.com> parents: 1856 diff changeset	1004 Известные шифры указаны по имени, неизвестные указаны в шестнадцатеричном виде,
0882ccb0c00f Documented the $ssl_curves and $ssl_ciphers variables. Yaroslav Zhuravlev <yar@nginx.com> parents: 1856 diff changeset	1005 например:
0882ccb0c00f Documented the $ssl_curves and $ssl_ciphers variables. Yaroslav Zhuravlev <yar@nginx.com> parents: 1856 diff changeset	1006 <example>
0882ccb0c00f Documented the $ssl_curves and $ssl_ciphers variables. Yaroslav Zhuravlev <yar@nginx.com> parents: 1856 diff changeset	1007 AES128-SHA:AES256-SHA:0x00ff
0882ccb0c00f Documented the $ssl_curves and $ssl_ciphers variables. Yaroslav Zhuravlev <yar@nginx.com> parents: 1856 diff changeset	1008 </example>
0882ccb0c00f Documented the $ssl_curves and $ssl_ciphers variables. Yaroslav Zhuravlev <yar@nginx.com> parents: 1856 diff changeset	1009 <note>
0882ccb0c00f Documented the $ssl_curves and $ssl_ciphers variables. Yaroslav Zhuravlev <yar@nginx.com> parents: 1856 diff changeset	1010 Переменная полностью поддерживается при использовании OpenSSL версии 1.0.2
0882ccb0c00f Documented the $ssl_curves and $ssl_ciphers variables. Yaroslav Zhuravlev <yar@nginx.com> parents: 1856 diff changeset	1011 и выше.
0882ccb0c00f Documented the $ssl_curves and $ssl_ciphers variables. Yaroslav Zhuravlev <yar@nginx.com> parents: 1856 diff changeset	1012 При использовании более старых версий переменная доступна
0882ccb0c00f Documented the $ssl_curves and $ssl_ciphers variables. Yaroslav Zhuravlev <yar@nginx.com> parents: 1856 diff changeset	1013 только для новых сессий и может содержать только известные шифры.
0882ccb0c00f Documented the $ssl_curves and $ssl_ciphers variables. Yaroslav Zhuravlev <yar@nginx.com> parents: 1856 diff changeset	1014 </note>
0882ccb0c00f Documented the $ssl_curves and $ssl_ciphers variables. Yaroslav Zhuravlev <yar@nginx.com> parents: 1856 diff changeset	1015 </tag-desc>
0882ccb0c00f Documented the $ssl_curves and $ssl_ciphers variables. Yaroslav Zhuravlev <yar@nginx.com> parents: 1856 diff changeset	1016
2027 dabca59da4ce Documented the $ssl_client_escaped_cert variable. Yaroslav Zhuravlev <yar@nginx.com> parents: 1978 diff changeset	1017 <tag-name id="var_ssl_client_escaped_cert"><var>$ssl_client_escaped_cert</var></tag-name>
dabca59da4ce Documented the $ssl_client_escaped_cert variable. Yaroslav Zhuravlev <yar@nginx.com> parents: 1978 diff changeset	1018 <tag-desc>
dabca59da4ce Documented the $ssl_client_escaped_cert variable. Yaroslav Zhuravlev <yar@nginx.com> parents: 1978 diff changeset	1019 возвращает клиентский сертификат в формате PEM
dabca59da4ce Documented the $ssl_client_escaped_cert variable. Yaroslav Zhuravlev <yar@nginx.com> parents: 1978 diff changeset	1020 (закодирован в формате urlencode) для установленного SSL-соединения (1.13.5);
dabca59da4ce Documented the $ssl_client_escaped_cert variable. Yaroslav Zhuravlev <yar@nginx.com> parents: 1978 diff changeset	1021 </tag-desc>
dabca59da4ce Documented the $ssl_client_escaped_cert variable. Yaroslav Zhuravlev <yar@nginx.com> parents: 1978 diff changeset	1022
1155 07402a11fd8d Assigned IDs to tags describing variables. Vladimir Homutov <vl@nginx.com> parents: 1072 diff changeset	1023 <tag-name id="var_ssl_client_cert"><var>$ssl_client_cert</var></tag-name>
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	1024 <tag-desc>
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	1025 возвращает клиентский сертификат
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1026 для установленного SSL-соединения в формате PEM
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1027 перед каждой строкой которого, кроме первой, вставляется символ табуляции;
383 a73fa21add8a Removed a misleading sentence. Ruslan Ermilov <ru@nginx.com> parents: 379 diff changeset	1028 предназначена для использования в директиве
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	1029 <link doc="ngx_http_proxy_module.xml" id="proxy_set_header"/>;
2027 dabca59da4ce Documented the $ssl_client_escaped_cert variable. Yaroslav Zhuravlev <yar@nginx.com> parents: 1978 diff changeset	1030 <note>
dabca59da4ce Documented the $ssl_client_escaped_cert variable. Yaroslav Zhuravlev <yar@nginx.com> parents: 1978 diff changeset	1031 Переменная устарела, вместо неё следует использовать
dabca59da4ce Documented the $ssl_client_escaped_cert variable. Yaroslav Zhuravlev <yar@nginx.com> parents: 1978 diff changeset	1032 переменную <var>$ssl_client_escaped_cert</var>.
dabca59da4ce Documented the $ssl_client_escaped_cert variable. Yaroslav Zhuravlev <yar@nginx.com> parents: 1978 diff changeset	1033 </note>
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	1034 </tag-desc>
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1035
1201 db4b017b5796 SSL: documented the ssl_client_fingerprint variable. Yaroslav Zhuravlev <yar@nginx.com> parents: 1167 diff changeset	1036 <tag-name id="var_ssl_client_fingerprint"><var>$ssl_client_fingerprint</var></tag-name>
db4b017b5796 SSL: documented the ssl_client_fingerprint variable. Yaroslav Zhuravlev <yar@nginx.com> parents: 1167 diff changeset	1037 <tag-desc>
db4b017b5796 SSL: documented the ssl_client_fingerprint variable. Yaroslav Zhuravlev <yar@nginx.com> parents: 1167 diff changeset	1038 возвращает SHA1-отпечаток клиентского сертификата
db4b017b5796 SSL: documented the ssl_client_fingerprint variable. Yaroslav Zhuravlev <yar@nginx.com> parents: 1167 diff changeset	1039 для установленного SSL-соединения (1.7.1);
db4b017b5796 SSL: documented the ssl_client_fingerprint variable. Yaroslav Zhuravlev <yar@nginx.com> parents: 1167 diff changeset	1040 </tag-desc>
db4b017b5796 SSL: documented the ssl_client_fingerprint variable. Yaroslav Zhuravlev <yar@nginx.com> parents: 1167 diff changeset	1041
1870 fa7542e40381 Relocated $ssl_client_i_dn, $ssl_client_i_dn_legacy, $ssl_client_serial. Yaroslav Zhuravlev <yar@nginx.com> parents: 1863 diff changeset	1042 <tag-name id="var_ssl_client_i_dn"><var>$ssl_client_i_dn</var></tag-name>
fa7542e40381 Relocated $ssl_client_i_dn, $ssl_client_i_dn_legacy, $ssl_client_serial. Yaroslav Zhuravlev <yar@nginx.com> parents: 1863 diff changeset	1043 <tag-desc>
fa7542e40381 Relocated $ssl_client_i_dn, $ssl_client_i_dn_legacy, $ssl_client_serial. Yaroslav Zhuravlev <yar@nginx.com> parents: 1863 diff changeset	1044 возвращает строку “issuer DN” клиентского сертификата
fa7542e40381 Relocated $ssl_client_i_dn, $ssl_client_i_dn_legacy, $ssl_client_serial. Yaroslav Zhuravlev <yar@nginx.com> parents: 1863 diff changeset	1045 для установленного SSL-соединения согласно
fa7542e40381 Relocated $ssl_client_i_dn, $ssl_client_i_dn_legacy, $ssl_client_serial. Yaroslav Zhuravlev <yar@nginx.com> parents: 1863 diff changeset	1046 <link url="https://tools.ietf.org/html/rfc2253">RFC 2253</link> (1.11.6);
fa7542e40381 Relocated $ssl_client_i_dn, $ssl_client_i_dn_legacy, $ssl_client_serial. Yaroslav Zhuravlev <yar@nginx.com> parents: 1863 diff changeset	1047 </tag-desc>
fa7542e40381 Relocated $ssl_client_i_dn, $ssl_client_i_dn_legacy, $ssl_client_serial. Yaroslav Zhuravlev <yar@nginx.com> parents: 1863 diff changeset	1048
fa7542e40381 Relocated $ssl_client_i_dn, $ssl_client_i_dn_legacy, $ssl_client_serial. Yaroslav Zhuravlev <yar@nginx.com> parents: 1863 diff changeset	1049 <tag-name id="var_ssl_client_i_dn_legacy"><var>$ssl_client_i_dn_legacy</var></tag-name>
fa7542e40381 Relocated $ssl_client_i_dn, $ssl_client_i_dn_legacy, $ssl_client_serial. Yaroslav Zhuravlev <yar@nginx.com> parents: 1863 diff changeset	1050 <tag-desc>
fa7542e40381 Relocated $ssl_client_i_dn, $ssl_client_i_dn_legacy, $ssl_client_serial. Yaroslav Zhuravlev <yar@nginx.com> parents: 1863 diff changeset	1051 возвращает строку “issuer DN” клиентского сертификата
fa7542e40381 Relocated $ssl_client_i_dn, $ssl_client_i_dn_legacy, $ssl_client_serial. Yaroslav Zhuravlev <yar@nginx.com> parents: 1863 diff changeset	1052 для установленного SSL-соединения;
fa7542e40381 Relocated $ssl_client_i_dn, $ssl_client_i_dn_legacy, $ssl_client_serial. Yaroslav Zhuravlev <yar@nginx.com> parents: 1863 diff changeset	1053 <note>
fa7542e40381 Relocated $ssl_client_i_dn, $ssl_client_i_dn_legacy, $ssl_client_serial. Yaroslav Zhuravlev <yar@nginx.com> parents: 1863 diff changeset	1054 До версии 1.11.6 переменная называлась <var>$ssl_client_s_dn</var>.
fa7542e40381 Relocated $ssl_client_i_dn, $ssl_client_i_dn_legacy, $ssl_client_serial. Yaroslav Zhuravlev <yar@nginx.com> parents: 1863 diff changeset	1055 </note>
fa7542e40381 Relocated $ssl_client_i_dn, $ssl_client_i_dn_legacy, $ssl_client_serial. Yaroslav Zhuravlev <yar@nginx.com> parents: 1863 diff changeset	1056 </tag-desc>
fa7542e40381 Relocated $ssl_client_i_dn, $ssl_client_i_dn_legacy, $ssl_client_serial. Yaroslav Zhuravlev <yar@nginx.com> parents: 1863 diff changeset	1057
1155 07402a11fd8d Assigned IDs to tags describing variables. Vladimir Homutov <vl@nginx.com> parents: 1072 diff changeset	1058 <tag-name id="var_ssl_client_raw_cert"><var>$ssl_client_raw_cert</var>
07402a11fd8d Assigned IDs to tags describing variables. Vladimir Homutov <vl@nginx.com> parents: 1072 diff changeset	1059 </tag-name>
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	1060 <tag-desc>
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	1061 возвращает клиентский сертификат
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1062 для установленного SSL-соединения в формате PEM;
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	1063 </tag-desc>
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1064
1155 07402a11fd8d Assigned IDs to tags describing variables. Vladimir Homutov <vl@nginx.com> parents: 1072 diff changeset	1065 <tag-name id="var_ssl_client_s_dn"><var>$ssl_client_s_dn</var></tag-name>
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	1066 <tag-desc>
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	1067 возвращает строку “subject DN” клиентского сертификата
1824 e8811a423130 Added RFC2253-compliant $ssl_client_s_dn, $ssl_client_i_dn and legacy vars. Yaroslav Zhuravlev <yar@nginx.com> parents: 1785 diff changeset	1068 для установленного SSL-соединения согласно
e8811a423130 Added RFC2253-compliant $ssl_client_s_dn, $ssl_client_i_dn and legacy vars. Yaroslav Zhuravlev <yar@nginx.com> parents: 1785 diff changeset	1069 <link url="https://tools.ietf.org/html/rfc2253">RFC 2253</link> (1.11.6);
e8811a423130 Added RFC2253-compliant $ssl_client_s_dn, $ssl_client_i_dn and legacy vars. Yaroslav Zhuravlev <yar@nginx.com> parents: 1785 diff changeset	1070 </tag-desc>
e8811a423130 Added RFC2253-compliant $ssl_client_s_dn, $ssl_client_i_dn and legacy vars. Yaroslav Zhuravlev <yar@nginx.com> parents: 1785 diff changeset	1071
e8811a423130 Added RFC2253-compliant $ssl_client_s_dn, $ssl_client_i_dn and legacy vars. Yaroslav Zhuravlev <yar@nginx.com> parents: 1785 diff changeset	1072 <tag-name id="var_ssl_client_s_dn_legacy"><var>$ssl_client_s_dn_legacy</var></tag-name>
e8811a423130 Added RFC2253-compliant $ssl_client_s_dn, $ssl_client_i_dn and legacy vars. Yaroslav Zhuravlev <yar@nginx.com> parents: 1785 diff changeset	1073 <tag-desc>
e8811a423130 Added RFC2253-compliant $ssl_client_s_dn, $ssl_client_i_dn and legacy vars. Yaroslav Zhuravlev <yar@nginx.com> parents: 1785 diff changeset	1074 возвращает строку “subject DN” клиентского сертификата
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1075 для установленного SSL-соединения;
1824 e8811a423130 Added RFC2253-compliant $ssl_client_s_dn, $ssl_client_i_dn and legacy vars. Yaroslav Zhuravlev <yar@nginx.com> parents: 1785 diff changeset	1076 <note>
e8811a423130 Added RFC2253-compliant $ssl_client_s_dn, $ssl_client_i_dn and legacy vars. Yaroslav Zhuravlev <yar@nginx.com> parents: 1785 diff changeset	1077 До версии 1.11.6 переменная называлась <var>$ssl_client_s_dn</var>.
e8811a423130 Added RFC2253-compliant $ssl_client_s_dn, $ssl_client_i_dn and legacy vars. Yaroslav Zhuravlev <yar@nginx.com> parents: 1785 diff changeset	1078 </note>
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	1079 </tag-desc>
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1080
1870 fa7542e40381 Relocated $ssl_client_i_dn, $ssl_client_i_dn_legacy, $ssl_client_serial. Yaroslav Zhuravlev <yar@nginx.com> parents: 1863 diff changeset	1081 <tag-name id="var_ssl_client_serial"><var>$ssl_client_serial</var></tag-name>
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	1082 <tag-desc>
1870 fa7542e40381 Relocated $ssl_client_i_dn, $ssl_client_i_dn_legacy, $ssl_client_serial. Yaroslav Zhuravlev <yar@nginx.com> parents: 1863 diff changeset	1083 возвращает серийный номер клиентского сертификата
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	1084 для установленного SSL-соединения;
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	1085 </tag-desc>
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1086
1855 2ef67c4d2226 Documented $ssl_client_v_end, $ssl_client_v_start, $ssl_client_v_remain variables. Yaroslav Zhuravlev <yar@nginx.com> parents: 1824 diff changeset	1087 <tag-name id="var_ssl_client_v_end"><var>$ssl_client_v_end</var></tag-name>
2ef67c4d2226 Documented $ssl_client_v_end, $ssl_client_v_start, $ssl_client_v_remain variables. Yaroslav Zhuravlev <yar@nginx.com> parents: 1824 diff changeset	1088 <tag-desc>
2ef67c4d2226 Documented $ssl_client_v_end, $ssl_client_v_start, $ssl_client_v_remain variables. Yaroslav Zhuravlev <yar@nginx.com> parents: 1824 diff changeset	1089 возвращает дату окончания срока действия клиентского сертификата (1.11.7);
2ef67c4d2226 Documented $ssl_client_v_end, $ssl_client_v_start, $ssl_client_v_remain variables. Yaroslav Zhuravlev <yar@nginx.com> parents: 1824 diff changeset	1090 </tag-desc>
2ef67c4d2226 Documented $ssl_client_v_end, $ssl_client_v_start, $ssl_client_v_remain variables. Yaroslav Zhuravlev <yar@nginx.com> parents: 1824 diff changeset	1091
2ef67c4d2226 Documented $ssl_client_v_end, $ssl_client_v_start, $ssl_client_v_remain variables. Yaroslav Zhuravlev <yar@nginx.com> parents: 1824 diff changeset	1092 <tag-name id="var_ssl_client_v_remain"><var>$ssl_client_v_remain</var></tag-name>
2ef67c4d2226 Documented $ssl_client_v_end, $ssl_client_v_start, $ssl_client_v_remain variables. Yaroslav Zhuravlev <yar@nginx.com> parents: 1824 diff changeset	1093 <tag-desc>
2ef67c4d2226 Documented $ssl_client_v_end, $ssl_client_v_start, $ssl_client_v_remain variables. Yaroslav Zhuravlev <yar@nginx.com> parents: 1824 diff changeset	1094 возвращает число дней,
2ef67c4d2226 Documented $ssl_client_v_end, $ssl_client_v_start, $ssl_client_v_remain variables. Yaroslav Zhuravlev <yar@nginx.com> parents: 1824 diff changeset	1095 оставшихся до истечения срока действия клиентского сертификата (1.11.7);
2ef67c4d2226 Documented $ssl_client_v_end, $ssl_client_v_start, $ssl_client_v_remain variables. Yaroslav Zhuravlev <yar@nginx.com> parents: 1824 diff changeset	1096 </tag-desc>
2ef67c4d2226 Documented $ssl_client_v_end, $ssl_client_v_start, $ssl_client_v_remain variables. Yaroslav Zhuravlev <yar@nginx.com> parents: 1824 diff changeset	1097
2ef67c4d2226 Documented $ssl_client_v_end, $ssl_client_v_start, $ssl_client_v_remain variables. Yaroslav Zhuravlev <yar@nginx.com> parents: 1824 diff changeset	1098 <tag-name id="var_ssl_client_v_start"><var>$ssl_client_v_start</var></tag-name>
2ef67c4d2226 Documented $ssl_client_v_end, $ssl_client_v_start, $ssl_client_v_remain variables. Yaroslav Zhuravlev <yar@nginx.com> parents: 1824 diff changeset	1099 <tag-desc>
2ef67c4d2226 Documented $ssl_client_v_end, $ssl_client_v_start, $ssl_client_v_remain variables. Yaroslav Zhuravlev <yar@nginx.com> parents: 1824 diff changeset	1100 возвращает дату начала срока действия клиентского сертификата (1.11.7);
2ef67c4d2226 Documented $ssl_client_v_end, $ssl_client_v_start, $ssl_client_v_remain variables. Yaroslav Zhuravlev <yar@nginx.com> parents: 1824 diff changeset	1101 </tag-desc>
2ef67c4d2226 Documented $ssl_client_v_end, $ssl_client_v_start, $ssl_client_v_remain variables. Yaroslav Zhuravlev <yar@nginx.com> parents: 1824 diff changeset	1102
1155 07402a11fd8d Assigned IDs to tags describing variables. Vladimir Homutov <vl@nginx.com> parents: 1072 diff changeset	1103 <tag-name id="var_ssl_client_verify"><var>$ssl_client_verify</var></tag-name>
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	1104 <tag-desc>
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	1105 возвращает результат проверки клиентского сертификата:
1856 7133004fa5b3 $ssl_client_verify extended with a failure reason. Yaroslav Zhuravlev <yar@nginx.com> parents: 1855 diff changeset	1106 “<literal>SUCCESS</literal>”, “<literal>FAILED:</literal><value>reason</value>”
1863 fef4ab2d990c Removed unnecessary version for "FAILED:reason" in $ssl_client_verify. Yaroslav Zhuravlev <yar@nginx.com> parents: 1857 diff changeset	1107 и, если сертификат не был предоставлен, “<literal>NONE</literal>”;
1856 7133004fa5b3 $ssl_client_verify extended with a failure reason. Yaroslav Zhuravlev <yar@nginx.com> parents: 1855 diff changeset	1108 <note>
7133004fa5b3 $ssl_client_verify extended with a failure reason. Yaroslav Zhuravlev <yar@nginx.com> parents: 1855 diff changeset	1109 До версии 1.11.7 результат “<literal>FAILED</literal>”
7133004fa5b3 $ssl_client_verify extended with a failure reason. Yaroslav Zhuravlev <yar@nginx.com> parents: 1855 diff changeset	1110 не содержал строку <value>reason</value>.
7133004fa5b3 $ssl_client_verify extended with a failure reason. Yaroslav Zhuravlev <yar@nginx.com> parents: 1855 diff changeset	1111 </note>
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	1112 </tag-desc>
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1113
1857 0882ccb0c00f Documented the $ssl_curves and $ssl_ciphers variables. Yaroslav Zhuravlev <yar@nginx.com> parents: 1856 diff changeset	1114 <tag-name id="var_ssl_curves"><var>$ssl_curves</var></tag-name>
0882ccb0c00f Documented the $ssl_curves and $ssl_ciphers variables. Yaroslav Zhuravlev <yar@nginx.com> parents: 1856 diff changeset	1115 <tag-desc>
0882ccb0c00f Documented the $ssl_curves and $ssl_ciphers variables. Yaroslav Zhuravlev <yar@nginx.com> parents: 1856 diff changeset	1116 возвращает список кривых, поддерживаемых клиентом (1.11.7).
0882ccb0c00f Documented the $ssl_curves and $ssl_ciphers variables. Yaroslav Zhuravlev <yar@nginx.com> parents: 1856 diff changeset	1117 Известные кривые указаны по имени, неизвестные указаны в шестнадцатеричном виде,
0882ccb0c00f Documented the $ssl_curves and $ssl_ciphers variables. Yaroslav Zhuravlev <yar@nginx.com> parents: 1856 diff changeset	1118 например:
0882ccb0c00f Documented the $ssl_curves and $ssl_ciphers variables. Yaroslav Zhuravlev <yar@nginx.com> parents: 1856 diff changeset	1119 <example>
0882ccb0c00f Documented the $ssl_curves and $ssl_ciphers variables. Yaroslav Zhuravlev <yar@nginx.com> parents: 1856 diff changeset	1120 0x001d:prime256v1:secp521r1:secp384r1
0882ccb0c00f Documented the $ssl_curves and $ssl_ciphers variables. Yaroslav Zhuravlev <yar@nginx.com> parents: 1856 diff changeset	1121 </example>
0882ccb0c00f Documented the $ssl_curves and $ssl_ciphers variables. Yaroslav Zhuravlev <yar@nginx.com> parents: 1856 diff changeset	1122 <note>
0882ccb0c00f Documented the $ssl_curves and $ssl_ciphers variables. Yaroslav Zhuravlev <yar@nginx.com> parents: 1856 diff changeset	1123 Переменная поддерживается при использовании OpenSSL версии 1.0.2 и выше.
0882ccb0c00f Documented the $ssl_curves and $ssl_ciphers variables. Yaroslav Zhuravlev <yar@nginx.com> parents: 1856 diff changeset	1124 При использовании более старых версий значением переменной будет пустая строка.
0882ccb0c00f Documented the $ssl_curves and $ssl_ciphers variables. Yaroslav Zhuravlev <yar@nginx.com> parents: 1856 diff changeset	1125 </note>
0882ccb0c00f Documented the $ssl_curves and $ssl_ciphers variables. Yaroslav Zhuravlev <yar@nginx.com> parents: 1856 diff changeset	1126 <note>
0882ccb0c00f Documented the $ssl_curves and $ssl_ciphers variables. Yaroslav Zhuravlev <yar@nginx.com> parents: 1856 diff changeset	1127 Переменная доступна только для новых сессий.
0882ccb0c00f Documented the $ssl_curves and $ssl_ciphers variables. Yaroslav Zhuravlev <yar@nginx.com> parents: 1856 diff changeset	1128 </note>
0882ccb0c00f Documented the $ssl_curves and $ssl_ciphers variables. Yaroslav Zhuravlev <yar@nginx.com> parents: 1856 diff changeset	1129 </tag-desc>
0882ccb0c00f Documented the $ssl_curves and $ssl_ciphers variables. Yaroslav Zhuravlev <yar@nginx.com> parents: 1856 diff changeset	1130
2219 f1e12641fc8a Documented TLS 1.3 early data. Yaroslav Zhuravlev <yar@nginx.com> parents: 2168 diff changeset	1131 <tag-name id="var_ssl_early_data"><var>$ssl_early_data</var></tag-name>
f1e12641fc8a Documented TLS 1.3 early data. Yaroslav Zhuravlev <yar@nginx.com> parents: 2168 diff changeset	1132 <tag-desc>
f1e12641fc8a Documented TLS 1.3 early data. Yaroslav Zhuravlev <yar@nginx.com> parents: 2168 diff changeset	1133 возвращает “<literal>1</literal>”, если
2234 20a189bdb15f Updated SSL early data documentation. Yaroslav Zhuravlev <yar@nginx.com> parents: 2219 diff changeset	1134 используется TLS 1.3 <link id="ssl_early_data">early data</link>
2219 f1e12641fc8a Documented TLS 1.3 early data. Yaroslav Zhuravlev <yar@nginx.com> parents: 2168 diff changeset	1135 и операция handshake не завершена, иначе “” (1.15.3).
f1e12641fc8a Documented TLS 1.3 early data. Yaroslav Zhuravlev <yar@nginx.com> parents: 2168 diff changeset	1136 </tag-desc>
f1e12641fc8a Documented TLS 1.3 early data. Yaroslav Zhuravlev <yar@nginx.com> parents: 2168 diff changeset	1137
1155 07402a11fd8d Assigned IDs to tags describing variables. Vladimir Homutov <vl@nginx.com> parents: 1072 diff changeset	1138 <tag-name id="var_ssl_protocol"><var>$ssl_protocol</var></tag-name>
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	1139 <tag-desc>
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	1140 возвращает протокол установленного SSL-соединения;
f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	1141 </tag-desc>
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1142
1167 cac06b81957c Documented the $ssl_server_name variable. Ruslan Ermilov <ru@nginx.com> parents: 1155 diff changeset	1143 <tag-name id="var_ssl_server_name"><var>$ssl_server_name</var></tag-name>
cac06b81957c Documented the $ssl_server_name variable. Ruslan Ermilov <ru@nginx.com> parents: 1155 diff changeset	1144 <tag-desc>
cac06b81957c Documented the $ssl_server_name variable. Ruslan Ermilov <ru@nginx.com> parents: 1155 diff changeset	1145 возвращает имя сервера, запрошенное через
cac06b81957c Documented the $ssl_server_name variable. Ruslan Ermilov <ru@nginx.com> parents: 1155 diff changeset	1146 <link url="http://en.wikipedia.org/wiki/Server_Name_Indication">SNI</link>
cac06b81957c Documented the $ssl_server_name variable. Ruslan Ermilov <ru@nginx.com> parents: 1155 diff changeset	1147 (1.7.0);
cac06b81957c Documented the $ssl_server_name variable. Ruslan Ermilov <ru@nginx.com> parents: 1155 diff changeset	1148 </tag-desc>
cac06b81957c Documented the $ssl_server_name variable. Ruslan Ermilov <ru@nginx.com> parents: 1155 diff changeset	1149
1155 07402a11fd8d Assigned IDs to tags describing variables. Vladimir Homutov <vl@nginx.com> parents: 1072 diff changeset	1150 <tag-name id="var_ssl_session_id"><var>$ssl_session_id</var></tag-name>
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	1151 <tag-desc>
1072 502f4be2d62e Documented the "ssl_session_reused" variable. Yaroslav Zhuravlev <yar@nginx.com> parents: 1055 diff changeset	1152 возвращает идентификатор сессии установленного SSL-соединения;
502f4be2d62e Documented the "ssl_session_reused" variable. Yaroslav Zhuravlev <yar@nginx.com> parents: 1055 diff changeset	1153 </tag-desc>
502f4be2d62e Documented the "ssl_session_reused" variable. Yaroslav Zhuravlev <yar@nginx.com> parents: 1055 diff changeset	1154
1155 07402a11fd8d Assigned IDs to tags describing variables. Vladimir Homutov <vl@nginx.com> parents: 1072 diff changeset	1155 <tag-name id="var_ssl_session_reused"><var>$ssl_session_reused</var></tag-name>
1072 502f4be2d62e Documented the "ssl_session_reused" variable. Yaroslav Zhuravlev <yar@nginx.com> parents: 1055 diff changeset	1156 <tag-desc>
502f4be2d62e Documented the "ssl_session_reused" variable. Yaroslav Zhuravlev <yar@nginx.com> parents: 1055 diff changeset	1157 возвращает “<literal>r</literal>”, если сессия была использована повторно,
502f4be2d62e Documented the "ssl_session_reused" variable. Yaroslav Zhuravlev <yar@nginx.com> parents: 1055 diff changeset	1158 иначе “<literal>.</literal>” (1.5.11).
379 f13435414ed8 Revision. Ruslan Ermilov <ru@nginx.com> parents: 314 diff changeset	1159 </tag-desc>
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1160
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1161 </list>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1162 </para>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1163
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1164 </section>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1165
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1166 </module>

Mercurial > hg > nginx-site

annotate xml/ru/docs/http/ngx_http_ssl_module.xml @ 2769:16f6fa718be2