nginx-site: xml/ru/docs/mail/ngx_mail_ssl

annotate xml/ru/docs/mail/ngx_mail_ssl_module.xml @ 2769:16f6fa718be2

Updated TLSv1.3 support notes. Previous notes described some early development snapshot of OpenSSL 1.1.1 with disabled TLSv1.3 by default. It was then enabled in the first alpha. Further, the updated text covers later major releases such as OpenSSL 3.0.

author	Sergey Kandaurov <pluknet@nginx.com>
date	Thu, 30 Sep 2021 16:29:20 +0300
parents	ff357b676c2e
children	4add6ae1296f

rev	line source
630 a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	1 <?xml version="1.0"?>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	2
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	3 <!--
638 179336bb5c03 Fixed copyright lines. Ruslan Ermilov <ru@nginx.com> parents: 630 diff changeset	4 Copyright (C) 2006, 2007 Anton Yuzhaninov
630 a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	5 Copyright (C) Nginx, Inc.
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	6 -->
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	7
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd">
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	9
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	10 <module name="Модуль ngx_mail_ssl_module"
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	11 link="/ru/docs/mail/ngx_mail_ssl_module.html"
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	12 lang="ru"
2769 16f6fa718be2 Updated TLSv1.3 support notes. Sergey Kandaurov <pluknet@nginx.com> parents: 2735 diff changeset	13 rev="23">
630 a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	14
640 febc8a4ad739 Added the "summary" section to ngx_mail_ssl_module. Ruslan Ermilov <ru@nginx.com> parents: 638 diff changeset	15 <section id="summary">
febc8a4ad739 Added the "summary" section to ngx_mail_ssl_module. Ruslan Ermilov <ru@nginx.com> parents: 638 diff changeset	16
febc8a4ad739 Added the "summary" section to ngx_mail_ssl_module. Ruslan Ermilov <ru@nginx.com> parents: 638 diff changeset	17 <para>
febc8a4ad739 Added the "summary" section to ngx_mail_ssl_module. Ruslan Ermilov <ru@nginx.com> parents: 638 diff changeset	18 Модуль <literal>ngx_mail_ssl_module</literal> обеспечивает работу
febc8a4ad739 Added the "summary" section to ngx_mail_ssl_module. Ruslan Ermilov <ru@nginx.com> parents: 638 diff changeset	19 почтового прокси-сервера по протоколу SSL/TLS.
febc8a4ad739 Added the "summary" section to ngx_mail_ssl_module. Ruslan Ermilov <ru@nginx.com> parents: 638 diff changeset	20 </para>
febc8a4ad739 Added the "summary" section to ngx_mail_ssl_module. Ruslan Ermilov <ru@nginx.com> parents: 638 diff changeset	21
febc8a4ad739 Added the "summary" section to ngx_mail_ssl_module. Ruslan Ermilov <ru@nginx.com> parents: 638 diff changeset	22 <para>
febc8a4ad739 Added the "summary" section to ngx_mail_ssl_module. Ruslan Ermilov <ru@nginx.com> parents: 638 diff changeset	23 По умолчанию этот модуль не собирается, его сборку необходимо
febc8a4ad739 Added the "summary" section to ngx_mail_ssl_module. Ruslan Ermilov <ru@nginx.com> parents: 638 diff changeset	24 разрешить с помощью конфигурационного параметра
febc8a4ad739 Added the "summary" section to ngx_mail_ssl_module. Ruslan Ermilov <ru@nginx.com> parents: 638 diff changeset	25 <literal>--with-mail_ssl_module</literal>.
febc8a4ad739 Added the "summary" section to ngx_mail_ssl_module. Ruslan Ermilov <ru@nginx.com> parents: 638 diff changeset	26 <note>
febc8a4ad739 Added the "summary" section to ngx_mail_ssl_module. Ruslan Ermilov <ru@nginx.com> parents: 638 diff changeset	27 Для сборки и работы этого модуля нужна библиотека
febc8a4ad739 Added the "summary" section to ngx_mail_ssl_module. Ruslan Ermilov <ru@nginx.com> parents: 638 diff changeset	28 <link url="http://www.openssl.org">OpenSSL</link>.
febc8a4ad739 Added the "summary" section to ngx_mail_ssl_module. Ruslan Ermilov <ru@nginx.com> parents: 638 diff changeset	29 </note>
febc8a4ad739 Added the "summary" section to ngx_mail_ssl_module. Ruslan Ermilov <ru@nginx.com> parents: 638 diff changeset	30 </para>
febc8a4ad739 Added the "summary" section to ngx_mail_ssl_module. Ruslan Ermilov <ru@nginx.com> parents: 638 diff changeset	31
febc8a4ad739 Added the "summary" section to ngx_mail_ssl_module. Ruslan Ermilov <ru@nginx.com> parents: 638 diff changeset	32 </section>
febc8a4ad739 Added the "summary" section to ngx_mail_ssl_module. Ruslan Ermilov <ru@nginx.com> parents: 638 diff changeset	33
febc8a4ad739 Added the "summary" section to ngx_mail_ssl_module. Ruslan Ermilov <ru@nginx.com> parents: 638 diff changeset	34
1521 e3d3e2ed4275 Added example configuration to mail and stream ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1499 diff changeset	35 <section id="example" name="Пример конфигурации">
e3d3e2ed4275 Added example configuration to mail and stream ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1499 diff changeset	36
e3d3e2ed4275 Added example configuration to mail and stream ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1499 diff changeset	37 <para>
e3d3e2ed4275 Added example configuration to mail and stream ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1499 diff changeset	38 Для уменьшения загрузки процессора рекомендуется
e3d3e2ed4275 Added example configuration to mail and stream ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1499 diff changeset	39 <list type="bullet">
e3d3e2ed4275 Added example configuration to mail and stream ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1499 diff changeset	40
e3d3e2ed4275 Added example configuration to mail and stream ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1499 diff changeset	41 <listitem>
2068 3d9e7993c201 Added links to directives in the example of ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1978 diff changeset	42 установить число
3d9e7993c201 Added links to directives in the example of ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1978 diff changeset	43 <link doc="../ngx_core_module.xml" id="worker_processes">рабочих процессов</link>
3d9e7993c201 Added links to directives in the example of ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1978 diff changeset	44 равным числу процессоров,
1521 e3d3e2ed4275 Added example configuration to mail and stream ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1499 diff changeset	45 </listitem>
e3d3e2ed4275 Added example configuration to mail and stream ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1499 diff changeset	46
e3d3e2ed4275 Added example configuration to mail and stream ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1499 diff changeset	47 <listitem>
2068 3d9e7993c201 Added links to directives in the example of ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1978 diff changeset	48 включить <link id="ssl_session_cache_shared">разделяемый</link> кэш сессий,
1521 e3d3e2ed4275 Added example configuration to mail and stream ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1499 diff changeset	49 </listitem>
e3d3e2ed4275 Added example configuration to mail and stream ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1499 diff changeset	50
e3d3e2ed4275 Added example configuration to mail and stream ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1499 diff changeset	51 <listitem>
2068 3d9e7993c201 Added links to directives in the example of ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1978 diff changeset	52 выключить <link id="ssl_session_cache_builtin">встроенный</link> кэш сессий
1521 e3d3e2ed4275 Added example configuration to mail and stream ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1499 diff changeset	53 </listitem>
e3d3e2ed4275 Added example configuration to mail and stream ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1499 diff changeset	54
e3d3e2ed4275 Added example configuration to mail and stream ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1499 diff changeset	55 <listitem>
2068 3d9e7993c201 Added links to directives in the example of ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1978 diff changeset	56 и, возможно, увеличить <link id="ssl_session_timeout">время жизни</link> сессии
3d9e7993c201 Added links to directives in the example of ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1978 diff changeset	57 (по умолчанию 5 минут):
1521 e3d3e2ed4275 Added example configuration to mail and stream ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1499 diff changeset	58 </listitem>
e3d3e2ed4275 Added example configuration to mail and stream ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1499 diff changeset	59
e3d3e2ed4275 Added example configuration to mail and stream ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1499 diff changeset	60 </list>
e3d3e2ed4275 Added example configuration to mail and stream ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1499 diff changeset	61
e3d3e2ed4275 Added example configuration to mail and stream ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1499 diff changeset	62 <example>
e3d3e2ed4275 Added example configuration to mail and stream ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1499 diff changeset	63 <emphasis>worker_processes auto;</emphasis>
e3d3e2ed4275 Added example configuration to mail and stream ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1499 diff changeset	64
e3d3e2ed4275 Added example configuration to mail and stream ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1499 diff changeset	65 mail {
e3d3e2ed4275 Added example configuration to mail and stream ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1499 diff changeset	66
e3d3e2ed4275 Added example configuration to mail and stream ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1499 diff changeset	67 ...
e3d3e2ed4275 Added example configuration to mail and stream ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1499 diff changeset	68
e3d3e2ed4275 Added example configuration to mail and stream ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1499 diff changeset	69 server {
e3d3e2ed4275 Added example configuration to mail and stream ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1499 diff changeset	70 listen 993 ssl;
e3d3e2ed4275 Added example configuration to mail and stream ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1499 diff changeset	71
e3d3e2ed4275 Added example configuration to mail and stream ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1499 diff changeset	72 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
e3d3e2ed4275 Added example configuration to mail and stream ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1499 diff changeset	73 ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
e3d3e2ed4275 Added example configuration to mail and stream ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1499 diff changeset	74 ssl_certificate /usr/local/nginx/conf/cert.pem;
e3d3e2ed4275 Added example configuration to mail and stream ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1499 diff changeset	75 ssl_certificate_key /usr/local/nginx/conf/cert.key;
e3d3e2ed4275 Added example configuration to mail and stream ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1499 diff changeset	76 <emphasis>ssl_session_cache shared:SSL:10m;</emphasis>
e3d3e2ed4275 Added example configuration to mail and stream ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1499 diff changeset	77 <emphasis>ssl_session_timeout 10m;</emphasis>
e3d3e2ed4275 Added example configuration to mail and stream ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1499 diff changeset	78
e3d3e2ed4275 Added example configuration to mail and stream ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1499 diff changeset	79 ...
e3d3e2ed4275 Added example configuration to mail and stream ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1499 diff changeset	80 }
e3d3e2ed4275 Added example configuration to mail and stream ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1499 diff changeset	81 </example>
e3d3e2ed4275 Added example configuration to mail and stream ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1499 diff changeset	82 </para>
e3d3e2ed4275 Added example configuration to mail and stream ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1499 diff changeset	83
e3d3e2ed4275 Added example configuration to mail and stream ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1499 diff changeset	84 </section>
e3d3e2ed4275 Added example configuration to mail and stream ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1499 diff changeset	85
e3d3e2ed4275 Added example configuration to mail and stream ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1499 diff changeset	86
630 a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	87 <section id="directives" name="Директивы">
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	88
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	89 <directive name="ssl">
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	90 <syntax><literal>on</literal> \| <literal>off</literal></syntax>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	91 <default>off</default>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	92 <context>mail</context>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	93 <context>server</context>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	94
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	95 <para>
2168 3535437f97d2 Deprecated the "ssl" directive for http and mail. Yaroslav Zhuravlev <yar@nginx.com> parents: 2068 diff changeset	96 Эта директива устарела в версии 1.15.0.
3535437f97d2 Deprecated the "ssl" directive for http and mail. Yaroslav Zhuravlev <yar@nginx.com> parents: 2068 diff changeset	97 Вместо неё следует
3535437f97d2 Deprecated the "ssl" directive for http and mail. Yaroslav Zhuravlev <yar@nginx.com> parents: 2068 diff changeset	98 использовать параметр <literal>ssl</literal>
3535437f97d2 Deprecated the "ssl" directive for http and mail. Yaroslav Zhuravlev <yar@nginx.com> parents: 2068 diff changeset	99 директивы <link doc="ngx_mail_core_module.xml" id="listen"/>.
630 a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	100 </para>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	101
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	102 </directive>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	103
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	104
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	105 <directive name="ssl_certificate">
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	106 <syntax><value>файл</value></syntax>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	107 <default/>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	108 <context>mail</context>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	109 <context>server</context>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	110
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	111 <para>
1456 acba294382d6 Documented engine support in ssl_certificate_key and friends. Yaroslav Zhuravlev <yar@nginx.com> parents: 1429 diff changeset	112 Указывает <value>файл</value> с сертификатом в формате PEM
751 9c1ffd02f1b7 Removed "virtual" and HTTPS references from mail modules. Vladimir Homutov <vl@nginx.com> parents: 640 diff changeset	113 для данного сервера.
630 a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	114 Если вместе с основным сертификатом нужно указать промежуточные,
1457 78ccd1af1400 Minimized diffs between http, mail, and stream. Ruslan Ermilov <ru@nginx.com> parents: 1456 diff changeset	115 то они должны находиться в этом же файле в следующем порядке: сначала
630 a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	116 основной сертификат, а затем промежуточные.
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	117 В этом же файле может находиться секретный ключ в формате PEM.
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	118 </para>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	119
1726 a0bc284941f6 Documented multiple certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 1711 diff changeset	120 <para>
a0bc284941f6 Documented multiple certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 1711 diff changeset	121 Начиная с версии 1.11.0
a0bc284941f6 Documented multiple certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 1711 diff changeset	122 эта директива может быть указана несколько раз
a0bc284941f6 Documented multiple certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 1711 diff changeset	123 для загрузки сертификатов разных типов, например RSA и ECDSA:
a0bc284941f6 Documented multiple certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 1711 diff changeset	124 <example>
a0bc284941f6 Documented multiple certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 1711 diff changeset	125 server {
a0bc284941f6 Documented multiple certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 1711 diff changeset	126 listen 993 ssl;
a0bc284941f6 Documented multiple certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 1711 diff changeset	127
a0bc284941f6 Documented multiple certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 1711 diff changeset	128 ssl_certificate example.com.rsa.crt;
a0bc284941f6 Documented multiple certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 1711 diff changeset	129 ssl_certificate_key example.com.rsa.key;
a0bc284941f6 Documented multiple certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 1711 diff changeset	130
a0bc284941f6 Documented multiple certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 1711 diff changeset	131 ssl_certificate example.com.ecdsa.crt;
a0bc284941f6 Documented multiple certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 1711 diff changeset	132 ssl_certificate_key example.com.ecdsa.key;
a0bc284941f6 Documented multiple certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 1711 diff changeset	133
a0bc284941f6 Documented multiple certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 1711 diff changeset	134 ...
a0bc284941f6 Documented multiple certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 1711 diff changeset	135 }
a0bc284941f6 Documented multiple certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 1711 diff changeset	136 </example>
a0bc284941f6 Documented multiple certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 1711 diff changeset	137 <note>
a0bc284941f6 Documented multiple certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 1711 diff changeset	138 Возможность задавать отдельные цепочки сертификатов для разных сертификатов
a0bc284941f6 Documented multiple certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 1711 diff changeset	139 есть только в OpenSSL 1.0.2 и выше.
a0bc284941f6 Documented multiple certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 1711 diff changeset	140 Для более старых версий следует указывать только одну цепочку сертификатов.
a0bc284941f6 Documented multiple certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 1711 diff changeset	141 </note>
a0bc284941f6 Documented multiple certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 1711 diff changeset	142 </para>
a0bc284941f6 Documented multiple certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 1711 diff changeset	143
2350 8e35f3af574b Documented the "data:" syntax for ssl_certificate and key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2296 diff changeset	144 <para id="ssl_certificate_data">
8e35f3af574b Documented the "data:" syntax for ssl_certificate and key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2296 diff changeset	145 Вместо <value>файла</value> можно указать значение
8e35f3af574b Documented the "data:" syntax for ssl_certificate and key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2296 diff changeset	146 <literal>data</literal>:<value>сертификат</value> (1.15.10),
8e35f3af574b Documented the "data:" syntax for ssl_certificate and key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2296 diff changeset	147 при котором сертификат загружается
8e35f3af574b Documented the "data:" syntax for ssl_certificate and key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2296 diff changeset	148 без использования промежуточных файлов.
8e35f3af574b Documented the "data:" syntax for ssl_certificate and key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2296 diff changeset	149 При этом следует учитывать, что ненадлежащее использование
8e35f3af574b Documented the "data:" syntax for ssl_certificate and key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2296 diff changeset	150 подобного синтаксиса может быть небезопасно,
8e35f3af574b Documented the "data:" syntax for ssl_certificate and key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2296 diff changeset	151 например данные секретного ключа могут попасть в
8e35f3af574b Documented the "data:" syntax for ssl_certificate and key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2296 diff changeset	152 <link doc="../ngx_core_module.xml" id="error_log">лог ошибок</link>.
8e35f3af574b Documented the "data:" syntax for ssl_certificate and key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2296 diff changeset	153 </para>
8e35f3af574b Documented the "data:" syntax for ssl_certificate and key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2296 diff changeset	154
630 a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	155 </directive>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	156
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	157
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	158 <directive name="ssl_certificate_key">
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	159 <syntax><value>файл</value></syntax>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	160 <default/>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	161 <context>mail</context>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	162 <context>server</context>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	163
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	164 <para>
1456 acba294382d6 Documented engine support in ssl_certificate_key and friends. Yaroslav Zhuravlev <yar@nginx.com> parents: 1429 diff changeset	165 Указывает <value>файл</value> с секретным ключом в формате PEM
751 9c1ffd02f1b7 Removed "virtual" and HTTPS references from mail modules. Vladimir Homutov <vl@nginx.com> parents: 640 diff changeset	166 для данного сервера.
630 a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	167 </para>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	168
1456 acba294382d6 Documented engine support in ssl_certificate_key and friends. Yaroslav Zhuravlev <yar@nginx.com> parents: 1429 diff changeset	169 <para>
acba294382d6 Documented engine support in ssl_certificate_key and friends. Yaroslav Zhuravlev <yar@nginx.com> parents: 1429 diff changeset	170 Вместо <value>файла</value> можно указать значение
acba294382d6 Documented engine support in ssl_certificate_key and friends. Yaroslav Zhuravlev <yar@nginx.com> parents: 1429 diff changeset	171 <literal>engine</literal>:<value>имя</value>:<value>id</value> (1.7.9),
acba294382d6 Documented engine support in ssl_certificate_key and friends. Yaroslav Zhuravlev <yar@nginx.com> parents: 1429 diff changeset	172 которое загружает ключ с указанным <value>id</value>
acba294382d6 Documented engine support in ssl_certificate_key and friends. Yaroslav Zhuravlev <yar@nginx.com> parents: 1429 diff changeset	173 из OpenSSL engine с заданным <value>именем</value>.
acba294382d6 Documented engine support in ssl_certificate_key and friends. Yaroslav Zhuravlev <yar@nginx.com> parents: 1429 diff changeset	174 </para>
acba294382d6 Documented engine support in ssl_certificate_key and friends. Yaroslav Zhuravlev <yar@nginx.com> parents: 1429 diff changeset	175
2350 8e35f3af574b Documented the "data:" syntax for ssl_certificate and key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2296 diff changeset	176 <para id="ssl_certificate_key_data">
8e35f3af574b Documented the "data:" syntax for ssl_certificate and key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2296 diff changeset	177 Вместо <value>файла</value> можно указать значение
8e35f3af574b Documented the "data:" syntax for ssl_certificate and key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2296 diff changeset	178 <literal>data</literal>:<value>ключ</value> (1.15.10),
8e35f3af574b Documented the "data:" syntax for ssl_certificate and key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2296 diff changeset	179 при котором секретный ключ загружается
8e35f3af574b Documented the "data:" syntax for ssl_certificate and key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2296 diff changeset	180 без использования промежуточных файлов.
8e35f3af574b Documented the "data:" syntax for ssl_certificate and key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2296 diff changeset	181 При этом следует учитывать, что ненадлежащее использование
8e35f3af574b Documented the "data:" syntax for ssl_certificate and key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2296 diff changeset	182 подобного синтаксиса может быть небезопасно,
8e35f3af574b Documented the "data:" syntax for ssl_certificate and key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2296 diff changeset	183 например данные секретного ключа могут попасть в
8e35f3af574b Documented the "data:" syntax for ssl_certificate and key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2296 diff changeset	184 <link doc="../ngx_core_module.xml" id="error_log">лог ошибок</link>.
8e35f3af574b Documented the "data:" syntax for ssl_certificate and key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2296 diff changeset	185 </para>
8e35f3af574b Documented the "data:" syntax for ssl_certificate and key. Yaroslav Zhuravlev <yar@nginx.com> parents: 2296 diff changeset	186
630 a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	187 </directive>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	188
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	189
1266 35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	190 <directive name="ssl_ciphers">
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	191 <syntax><value>шифры</value></syntax>
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	192 <default>HIGH:!aNULL:!MD5</default>
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	193 <context>mail</context>
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	194 <context>server</context>
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	195
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	196 <para>
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	197 Описывает разрешённые шифры.
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	198 Шифры задаются в формате, поддерживаемом библиотекой
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	199 OpenSSL, например:
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	200 <example>
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	201 ssl_ciphers ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	202 </example>
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	203 </para>
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	204
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	205 <para>
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	206 Полный список можно посмотреть с помощью команды
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	207 “<command>openssl ciphers</command>”.
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	208 </para>
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	209
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	210 <para>
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	211 <note>
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	212 В предыдущих версиях nginx по умолчанию использовались
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	213 <link doc="../http/configuring_https_servers.xml" id="compatibility">другие</link>
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	214 шифры.
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	215 </note>
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	216 </para>
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	217
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	218 </directive>
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	219
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	220
1429 06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	221 <directive name="ssl_client_certificate">
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	222 <syntax><value>файл</value></syntax>
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	223 <default/>
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	224 <context>mail</context>
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	225 <context>server</context>
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	226 <appeared-in>1.7.11</appeared-in>
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	227
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	228 <para>
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	229 Указывает <value>файл</value> с доверенными сертификатами CA в формате
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	230 PEM, которые используются для
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	231 <link id="ssl_verify_client">проверки</link> клиентских сертификатов.
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	232 </para>
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	233
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	234 <para>
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	235 Список сертификатов будет отправляться клиентам.
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	236 Если это нежелательно, можно воспользоваться директивой
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	237 <link id="ssl_trusted_certificate"/>.
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	238 </para>
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	239
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	240 </directive>
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	241
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	242
2616 d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2350 diff changeset	243 <directive name="ssl_conf_command">
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2350 diff changeset	244 <syntax><value>command</value></syntax>
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2350 diff changeset	245 <default/>
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2350 diff changeset	246 <context>mail</context>
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2350 diff changeset	247 <context>server</context>
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2350 diff changeset	248 <appeared-in>1.19.4</appeared-in>
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2350 diff changeset	249
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2350 diff changeset	250 <para>
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2350 diff changeset	251 Задаёт произвольные конфигурационные
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2350 diff changeset	252 <link url="https://www.openssl.org/docs/man1.1.1/man3/SSL_CONF_cmd.html">команды</link>
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2350 diff changeset	253 OpenSSL.
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2350 diff changeset	254 <note>
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2350 diff changeset	255 Директива поддерживается при использовании OpenSSL 1.0.2 и выше.
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2350 diff changeset	256 </note>
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2350 diff changeset	257 </para>
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2350 diff changeset	258
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2350 diff changeset	259 <para>
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2350 diff changeset	260 На одном уровне может быть указано
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2350 diff changeset	261 несколько директив <literal>ssl_conf_command</literal>:
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2350 diff changeset	262 <example>
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2350 diff changeset	263 ssl_conf_command Options PrioritizeChaCha;
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2350 diff changeset	264 ssl_conf_command Ciphersuites TLS_CHACHA20_POLY1305_SHA256;
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2350 diff changeset	265 </example>
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2350 diff changeset	266 Директивы наследуются с предыдущего уровня конфигурации при условии, что
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2350 diff changeset	267 на данном уровне не описаны свои директивы <literal>ssl_conf_command</literal>.
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2350 diff changeset	268 </para>
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2350 diff changeset	269
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2350 diff changeset	270 <para>
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2350 diff changeset	271 <note>
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2350 diff changeset	272 Следует учитывать, что изменение настроек OpenSSL напрямую
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2350 diff changeset	273 может привести к неожиданному поведению.
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2350 diff changeset	274 </note>
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2350 diff changeset	275 </para>
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2350 diff changeset	276
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2350 diff changeset	277 </directive>
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2350 diff changeset	278
d8bf37d20449 Documented the ssl_conf_command directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 2350 diff changeset	279
1429 06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	280 <directive name="ssl_crl">
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	281 <syntax><value>файл</value></syntax>
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	282 <default/>
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	283 <context>mail</context>
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	284 <context>server</context>
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	285 <appeared-in>1.7.11</appeared-in>
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	286
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	287 <para>
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	288 Указывает <value>файл</value> с отозванными сертификатами (CRL)
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	289 в формате PEM, используемыми для
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	290 <link id="ssl_verify_client">проверки</link> клиентских сертификатов.
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	291 </para>
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	292
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	293 </directive>
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	294
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	295
1266 35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	296 <directive name="ssl_dhparam">
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	297 <syntax><value>файл</value></syntax>
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	298 <default/>
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	299 <context>mail</context>
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	300 <context>server</context>
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	301 <appeared-in>0.7.2</appeared-in>
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	302
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	303 <para>
1706 6f5497797cde Changed "EDH ciphers" to "DHE ciphers". Maxim Dounin <mdounin@mdounin.ru> parents: 1522 diff changeset	304 Указывает <value>файл</value> с параметрами для DHE-шифров.
1266 35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	305 </para>
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	306
2296 e2e71f9477a8 Added note about ssl_dhparam defaults. Sergey Kandaurov <pluknet@nginx.com> parents: 2168 diff changeset	307 <para>
e2e71f9477a8 Added note about ssl_dhparam defaults. Sergey Kandaurov <pluknet@nginx.com> parents: 2168 diff changeset	308 По умолчанию параметры не заданы,
e2e71f9477a8 Added note about ssl_dhparam defaults. Sergey Kandaurov <pluknet@nginx.com> parents: 2168 diff changeset	309 и соответственно DHE-шифры не будут использоваться.
e2e71f9477a8 Added note about ssl_dhparam defaults. Sergey Kandaurov <pluknet@nginx.com> parents: 2168 diff changeset	310 <note>
e2e71f9477a8 Added note about ssl_dhparam defaults. Sergey Kandaurov <pluknet@nginx.com> parents: 2168 diff changeset	311 До версии 1.11.0 по умолчанию использовались встроенные параметры.
e2e71f9477a8 Added note about ssl_dhparam defaults. Sergey Kandaurov <pluknet@nginx.com> parents: 2168 diff changeset	312 </note>
e2e71f9477a8 Added note about ssl_dhparam defaults. Sergey Kandaurov <pluknet@nginx.com> parents: 2168 diff changeset	313 </para>
e2e71f9477a8 Added note about ssl_dhparam defaults. Sergey Kandaurov <pluknet@nginx.com> parents: 2168 diff changeset	314
1266 35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	315 </directive>
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	316
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	317
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	318 <directive name="ssl_ecdh_curve">
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	319 <syntax><value>кривая</value></syntax>
1711 38fb3e6b71e8 Documented ssl_ecdh_curve changes in 1.11.0. Maxim Dounin <mdounin@mdounin.ru> parents: 1706 diff changeset	320 <default>auto</default>
1266 35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	321 <context>mail</context>
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	322 <context>server</context>
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	323 <appeared-in>1.1.0</appeared-in>
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	324 <appeared-in>1.0.6</appeared-in>
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	325
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	326 <para>
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	327 Задаёт кривую для ECDHE-шифров.
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	328 </para>
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	329
1711 38fb3e6b71e8 Documented ssl_ecdh_curve changes in 1.11.0. Maxim Dounin <mdounin@mdounin.ru> parents: 1706 diff changeset	330 <para>
38fb3e6b71e8 Documented ssl_ecdh_curve changes in 1.11.0. Maxim Dounin <mdounin@mdounin.ru> parents: 1706 diff changeset	331 При использовании OpenSSL 1.0.2 и выше
38fb3e6b71e8 Documented ssl_ecdh_curve changes in 1.11.0. Maxim Dounin <mdounin@mdounin.ru> parents: 1706 diff changeset	332 можно указывать несколько кривых (1.11.0), например:
38fb3e6b71e8 Documented ssl_ecdh_curve changes in 1.11.0. Maxim Dounin <mdounin@mdounin.ru> parents: 1706 diff changeset	333 <example>
38fb3e6b71e8 Documented ssl_ecdh_curve changes in 1.11.0. Maxim Dounin <mdounin@mdounin.ru> parents: 1706 diff changeset	334 ssl_ecdh_curve prime256v1:secp384r1;
38fb3e6b71e8 Documented ssl_ecdh_curve changes in 1.11.0. Maxim Dounin <mdounin@mdounin.ru> parents: 1706 diff changeset	335 </example>
38fb3e6b71e8 Documented ssl_ecdh_curve changes in 1.11.0. Maxim Dounin <mdounin@mdounin.ru> parents: 1706 diff changeset	336 </para>
38fb3e6b71e8 Documented ssl_ecdh_curve changes in 1.11.0. Maxim Dounin <mdounin@mdounin.ru> parents: 1706 diff changeset	337
38fb3e6b71e8 Documented ssl_ecdh_curve changes in 1.11.0. Maxim Dounin <mdounin@mdounin.ru> parents: 1706 diff changeset	338 <para>
38fb3e6b71e8 Documented ssl_ecdh_curve changes in 1.11.0. Maxim Dounin <mdounin@mdounin.ru> parents: 1706 diff changeset	339 Специальное значение <literal>auto</literal> (1.11.0) соответствует
38fb3e6b71e8 Documented ssl_ecdh_curve changes in 1.11.0. Maxim Dounin <mdounin@mdounin.ru> parents: 1706 diff changeset	340 встроенному в библиотеку OpenSSL списку кривых для OpenSSL 1.0.2 и выше,
38fb3e6b71e8 Documented ssl_ecdh_curve changes in 1.11.0. Maxim Dounin <mdounin@mdounin.ru> parents: 1706 diff changeset	341 или <literal>prime256v1</literal> для более старых версий.
38fb3e6b71e8 Documented ssl_ecdh_curve changes in 1.11.0. Maxim Dounin <mdounin@mdounin.ru> parents: 1706 diff changeset	342 </para>
38fb3e6b71e8 Documented ssl_ecdh_curve changes in 1.11.0. Maxim Dounin <mdounin@mdounin.ru> parents: 1706 diff changeset	343
38fb3e6b71e8 Documented ssl_ecdh_curve changes in 1.11.0. Maxim Dounin <mdounin@mdounin.ru> parents: 1706 diff changeset	344 <para>
38fb3e6b71e8 Documented ssl_ecdh_curve changes in 1.11.0. Maxim Dounin <mdounin@mdounin.ru> parents: 1706 diff changeset	345 <note>
38fb3e6b71e8 Documented ssl_ecdh_curve changes in 1.11.0. Maxim Dounin <mdounin@mdounin.ru> parents: 1706 diff changeset	346 До версии 1.11.0
38fb3e6b71e8 Documented ssl_ecdh_curve changes in 1.11.0. Maxim Dounin <mdounin@mdounin.ru> parents: 1706 diff changeset	347 по умолчанию использовалась кривая <literal>prime256v1</literal>.
38fb3e6b71e8 Documented ssl_ecdh_curve changes in 1.11.0. Maxim Dounin <mdounin@mdounin.ru> parents: 1706 diff changeset	348 </note>
38fb3e6b71e8 Documented ssl_ecdh_curve changes in 1.11.0. Maxim Dounin <mdounin@mdounin.ru> parents: 1706 diff changeset	349 </para>
38fb3e6b71e8 Documented ssl_ecdh_curve changes in 1.11.0. Maxim Dounin <mdounin@mdounin.ru> parents: 1706 diff changeset	350
2648 78161967514f Mentioned ECDSA in ssl_ecdh_curve. Yaroslav Zhuravlev <yar@nginx.com> parents: 2616 diff changeset	351 <para>
78161967514f Mentioned ECDSA in ssl_ecdh_curve. Yaroslav Zhuravlev <yar@nginx.com> parents: 2616 diff changeset	352 <note>
78161967514f Mentioned ECDSA in ssl_ecdh_curve. Yaroslav Zhuravlev <yar@nginx.com> parents: 2616 diff changeset	353 При использовании OpenSSL 1.0.2 и выше
78161967514f Mentioned ECDSA in ssl_ecdh_curve. Yaroslav Zhuravlev <yar@nginx.com> parents: 2616 diff changeset	354 директива задаёт список кривых, поддерживаемых сервером.
78161967514f Mentioned ECDSA in ssl_ecdh_curve. Yaroslav Zhuravlev <yar@nginx.com> parents: 2616 diff changeset	355 Поэтому для работы ECDSA-сертификатов
78161967514f Mentioned ECDSA in ssl_ecdh_curve. Yaroslav Zhuravlev <yar@nginx.com> parents: 2616 diff changeset	356 важно, чтобы список включал кривые, используемые в сертификатах.
78161967514f Mentioned ECDSA in ssl_ecdh_curve. Yaroslav Zhuravlev <yar@nginx.com> parents: 2616 diff changeset	357 </note>
78161967514f Mentioned ECDSA in ssl_ecdh_curve. Yaroslav Zhuravlev <yar@nginx.com> parents: 2616 diff changeset	358 </para>
78161967514f Mentioned ECDSA in ssl_ecdh_curve. Yaroslav Zhuravlev <yar@nginx.com> parents: 2616 diff changeset	359
1266 35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	360 </directive>
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	361
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	362
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	363 <directive name="ssl_password_file">
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	364 <syntax><value>файл</value></syntax>
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	365 <default/>
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	366 <context>mail</context>
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	367 <context>server</context>
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	368 <appeared-in>1.7.3</appeared-in>
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	369
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	370 <para>
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	371 Задаёт <value>файл</value> с паролями от
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	372 <link id="ssl_certificate_key">секретных ключей</link>,
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	373 где каждый пароль указан на отдельной строке.
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	374 Пароли применяются по очереди в момент загрузки ключа.
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	375 </para>
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	376
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	377 <para>
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	378 Пример:
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	379 <example>
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	380 mail {
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	381 ssl_password_file /etc/keys/global.pass;
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	382 ...
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	383
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	384 server {
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	385 server_name mail1.example.com;
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	386 ssl_certificate_key /etc/keys/first.key;
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	387 }
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	388
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	389 server {
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	390 server_name mail2.example.com;
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	391
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	392 # вместо файла можно указать именованный канал
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	393 ssl_password_file /etc/keys/fifo;
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	394 ssl_certificate_key /etc/keys/second.key;
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	395 }
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	396 }
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	397 </example>
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	398 </para>
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	399
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	400 </directive>
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	401
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	402
630 a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	403 <directive name="ssl_prefer_server_ciphers">
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	404 <syntax><literal>on</literal> \| <literal>off</literal></syntax>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	405 <default>off</default>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	406 <context>mail</context>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	407 <context>server</context>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	408
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	409 <para>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	410 Указывает, чтобы при использовании протоколов SSLv3 и TLS
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	411 серверные шифры были более приоритетны, чем клиентские.
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	412 </para>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	413
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	414 </directive>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	415
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	416
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	417 <directive name="ssl_protocols">
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	418 <syntax>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	419 [<literal>SSLv2</literal>]
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	420 [<literal>SSLv3</literal>]
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	421 [<literal>TLSv1</literal>]
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	422 [<literal>TLSv1.1</literal>]
1978 8f1a568a8bbf Documented "TLSv1.3" parameter of the "ssl_protocols" directive. Sergey Kandaurov <pluknet@nginx.com> parents: 1924 diff changeset	423 [<literal>TLSv1.2</literal>]
8f1a568a8bbf Documented "TLSv1.3" parameter of the "ssl_protocols" directive. Sergey Kandaurov <pluknet@nginx.com> parents: 1924 diff changeset	424 [<literal>TLSv1.3</literal>]</syntax>
1499 3687cc9a3592 Removed SSLv3 from the default value of ssl_protocols and friends. Yaroslav Zhuravlev <yar@nginx.com> parents: 1457 diff changeset	425 <default>TLSv1 TLSv1.1 TLSv1.2</default>
630 a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	426 <context>mail</context>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	427 <context>server</context>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	428
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	429 <para>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	430 Разрешает указанные протоколы.
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	431 <note>
1978 8f1a568a8bbf Documented "TLSv1.3" parameter of the "ssl_protocols" directive. Sergey Kandaurov <pluknet@nginx.com> parents: 1924 diff changeset	432 Параметры <literal>TLSv1.1</literal> и <literal>TLSv1.2</literal>
8f1a568a8bbf Documented "TLSv1.3" parameter of the "ssl_protocols" directive. Sergey Kandaurov <pluknet@nginx.com> parents: 1924 diff changeset	433 (1.1.13, 1.0.12) работают только при использовании OpenSSL 1.0.1 и выше.
8f1a568a8bbf Documented "TLSv1.3" parameter of the "ssl_protocols" directive. Sergey Kandaurov <pluknet@nginx.com> parents: 1924 diff changeset	434 </note>
8f1a568a8bbf Documented "TLSv1.3" parameter of the "ssl_protocols" directive. Sergey Kandaurov <pluknet@nginx.com> parents: 1924 diff changeset	435 <note>
8f1a568a8bbf Documented "TLSv1.3" parameter of the "ssl_protocols" directive. Sergey Kandaurov <pluknet@nginx.com> parents: 1924 diff changeset	436 Параметр <literal>TLSv1.3</literal> (1.13.0) работает только
2769 16f6fa718be2 Updated TLSv1.3 support notes. Sergey Kandaurov <pluknet@nginx.com> parents: 2735 diff changeset	437 при использовании OpenSSL 1.1.1 и выше.
630 a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	438 </note>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	439 </para>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	440
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	441 </directive>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	442
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	443
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	444 <directive name="ssl_session_cache">
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	445 <syntax>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	446 <literal>off</literal> \|
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	447 <literal>none</literal> \|
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	448 [<literal>builtin</literal>[:<value>размер</value>]]
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	449 [<literal>shared</literal>:<value>название</value>:<value>размер</value>]</syntax>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	450 <default>none</default>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	451 <context>mail</context>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	452 <context>server</context>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	453
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	454 <para>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	455 Задаёт тип и размеры кэшей для хранения параметров сессий.
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	456 Тип кэша может быть следующим:
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	457 <list type="tag" compact="no">
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	458
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	459 <tag-name><literal>off</literal></tag-name>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	460 <tag-desc>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	461 жёсткое запрещение использования кэша сессий:
1522 ee91c95fca48 Corrected Russian translation of the ssl_session_cache directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1521 diff changeset	462 nginx явно сообщает клиенту, что сессии не могут использоваться повторно.
630 a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	463 </tag-desc>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	464
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	465 <tag-name><literal>none</literal></tag-name>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	466 <tag-desc>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	467 мягкое запрещение использования кэша сессий:
1522 ee91c95fca48 Corrected Russian translation of the ssl_session_cache directive. Yaroslav Zhuravlev <yar@nginx.com> parents: 1521 diff changeset	468 nginx сообщает клиенту, что сессии могут использоваться повторно, но
966 95c3c3bbf1ce Text review. Egor Nikitin <yegor.nikitin@gmail.com> parents: 751 diff changeset	469 на самом деле не хранит параметры сессии в кэше.
630 a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	470 </tag-desc>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	471
2068 3d9e7993c201 Added links to directives in the example of ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1978 diff changeset	472 <tag-name id="ssl_session_cache_builtin"><literal>builtin</literal></tag-name>
630 a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	473 <tag-desc>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	474 встроенный в OpenSSL кэш, используется в рамках только одного рабочего процесса.
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	475 Размер кэша задаётся в сессиях.
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	476 Если размер не задан, то он равен 20480 сессиям.
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	477 Использование встроенного кэша может вести к фрагментации памяти.
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	478 </tag-desc>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	479
2068 3d9e7993c201 Added links to directives in the example of ssl modules. Yaroslav Zhuravlev <yar@nginx.com> parents: 1978 diff changeset	480 <tag-name id="ssl_session_cache_shared"><literal>shared</literal></tag-name>
630 a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	481 <tag-desc>
966 95c3c3bbf1ce Text review. Egor Nikitin <yegor.nikitin@gmail.com> parents: 751 diff changeset	482 кэш, разделяемый между всеми рабочими процессами.
630 a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	483 Размер кэша задаётся в байтах, в 1 мегабайт может поместиться
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	484 около 4000 сессий.
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	485 У каждого разделяемого кэша должно быть произвольное название.
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	486 Кэш с одинаковым названием может использоваться в нескольких
751 9c1ffd02f1b7 Removed "virtual" and HTTPS references from mail modules. Vladimir Homutov <vl@nginx.com> parents: 640 diff changeset	487 серверах.
630 a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	488 </tag-desc>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	489
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	490 </list>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	491 </para>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	492
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	493 <para>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	494 Можно использовать одновременно оба типа кэша, например:
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	495 <example>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	496 ssl_session_cache builtin:1000 shared:SSL:10m;
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	497 </example>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	498 однако использование только разделяемого кэша без встроенного должно
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	499 быть более эффективным.
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	500 </para>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	501
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	502 </directive>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	503
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	504
1019 2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	505 <directive name="ssl_session_ticket_key">
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	506 <syntax><value>файл</value></syntax>
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	507 <default/>
1020 00403cb3005a Fixed a typo. Vladimir Homutov <vl@nginx.com> parents: 1019 diff changeset	508 <context>mail</context>
1019 2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	509 <context>server</context>
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	510 <appeared-in>1.5.7</appeared-in>
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	511
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	512 <para>
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	513 Задаёт <value>файл</value> с секретным ключом, применяемым при шифровании и
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	514 расшифровании TLS session tickets.
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	515 Директива необходима, если один и тот же ключ нужно использовать
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	516 на нескольких серверах.
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	517 По умолчанию используется случайно сгенерированный ключ.
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	518 </para>
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	519
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	520 <para>
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	521 Если указано несколько ключей, то только первый ключ
1020 00403cb3005a Fixed a typo. Vladimir Homutov <vl@nginx.com> parents: 1019 diff changeset	522 используется для шифрования TLS session tickets.
1019 2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	523 Это позволяет настроить ротацию ключей, например:
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	524 <example>
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	525 ssl_session_ticket_key current.key;
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	526 ssl_session_ticket_key previous.key;
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	527 </example>
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	528 </para>
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	529
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	530 <para>
1877 aa29a64a5e9d Documented ssl_session_ticket_key 80-byte keys. Maxim Dounin <mdounin@mdounin.ru> parents: 1785 diff changeset	531 <value>Файл</value> должен содержать 80 или 48 байт случайных данных
aa29a64a5e9d Documented ssl_session_ticket_key 80-byte keys. Maxim Dounin <mdounin@mdounin.ru> parents: 1785 diff changeset	532 и может быть создан следующей командой:
1019 2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	533 <example>
1877 aa29a64a5e9d Documented ssl_session_ticket_key 80-byte keys. Maxim Dounin <mdounin@mdounin.ru> parents: 1785 diff changeset	534 openssl rand 80 > ticket.key
1019 2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	535 </example>
2735 ff357b676c2e Removed trailing spaces. Maxim Dounin <mdounin@mdounin.ru> parents: 2648 diff changeset	536 В зависимости от размера файла для шифрования будет использоваться либо
1877 aa29a64a5e9d Documented ssl_session_ticket_key 80-byte keys. Maxim Dounin <mdounin@mdounin.ru> parents: 1785 diff changeset	537 AES256 (для 80-байтных ключей, 1.11.8), либо AES128 (для 48-байтных ключей).
1019 2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	538 </para>
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	539
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	540 </directive>
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	541
2b6a858c60dc Documented the "ssl_session_ticket_key" directive in http and mail. Vladimir Homutov <vl@nginx.com> parents: 966 diff changeset	542
1266 35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	543 <directive name="ssl_session_tickets">
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	544 <syntax><literal>on</literal> \| <literal>off</literal></syntax>
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	545 <default>on</default>
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	546 <context>mail</context>
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	547 <context>server</context>
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	548 <appeared-in>1.5.9</appeared-in>
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	549
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	550 <para>
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	551 Разрешает или запрещает возобновление сессий при помощи
1923 66a30a380fba Fixed links to tools.ietf.org. Ruslan Ermilov <ru@nginx.com> parents: 1877 diff changeset	552 <link url="https://tools.ietf.org/html/rfc5077">TLS session tickets</link>.
1266 35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	553 </para>
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	554
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	555 </directive>
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	556
35d6ac64bf27 Documented five directives in the mail ssl module. Yaroslav Zhuravlev <yar@nginx.com> parents: 1020 diff changeset	557
630 a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	558 <directive name="ssl_session_timeout">
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	559 <syntax><value>время</value></syntax>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	560 <default>5m</default>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	561 <context>mail</context>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	562 <context>server</context>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	563
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	564 <para>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	565 Задаёт время, в течение которого клиент может повторно
1785 3fa0944ddc6a Removed info about session cache from ssl_session_timeout. Yaroslav Zhuravlev <yar@nginx.com> parents: 1726 diff changeset	566 использовать параметры сессии.
630 a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	567 </para>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	568
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	569 </directive>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	570
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	571
1429 06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	572 <directive name="ssl_trusted_certificate">
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	573 <syntax><value>файл</value></syntax>
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	574 <default/>
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	575 <context>mail</context>
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	576 <context>server</context>
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	577 <appeared-in>1.7.11</appeared-in>
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	578
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	579 <para>
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	580 Задаёт <value>файл</value> с доверенными сертификатами CA в формате PEM,
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	581 которые используются для
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	582 <link id="ssl_verify_client">проверки</link> клиентских сертификатов.
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	583 </para>
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	584
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	585 <para>
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	586 В отличие от <link id="ssl_client_certificate"/>, список этих сертификатов
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	587 не будет отправляться клиентам.
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	588 </para>
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	589
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	590 </directive>
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	591
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	592
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	593 <directive name="ssl_verify_client">
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	594 <syntax>
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	595 <literal>on</literal> \| <literal>off</literal> \|
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	596 <literal>optional</literal> \| <literal>optional_no_ca</literal></syntax>
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	597 <default>off</default>
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	598 <context>mail</context>
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	599 <context>server</context>
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	600 <appeared-in>1.7.11</appeared-in>
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	601
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	602 <para>
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	603 Разрешает проверку клиентских сертификатов.
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	604 Результат проверки передаётся в заголовке
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	605 <header>Auth-SSL-Verify</header> в запросе
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	606 <link doc="ngx_mail_auth_http_module.xml" id="auth_http">аутентификации</link>.
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	607 </para>
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	608
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	609 <para>
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	610 Параметр <literal>optional</literal> запрашивает клиентский
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	611 сертификат, и если сертификат был предоставлен, проверяет его.
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	612 </para>
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	613
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	614 <para>
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	615 Параметр <literal>optional_no_ca</literal>
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	616 запрашивает сертификат
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	617 клиента, но не требует, чтобы он был подписан доверенным сертификатом CA.
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	618 Это предназначено для случаев, когда фактическая проверка сертификата
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	619 осуществляется внешним по отношению к nginx’у сервисом.
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	620 Содержимое сертификата доступно в запросах,
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	621 <link doc="ngx_mail_auth_http_module.xml"
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	622 id="auth_http_pass_client_cert">посылаемых</link>
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	623 на сервер аутентификации.
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	624 </para>
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	625
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	626 </directive>
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	627
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	628
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	629 <directive name="ssl_verify_depth">
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	630 <syntax><value>число</value></syntax>
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	631 <default>1</default>
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	632 <context>mail</context>
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	633 <context>server</context>
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	634 <appeared-in>1.7.11</appeared-in>
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	635
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	636 <para>
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	637 Устанавливает глубину проверки в цепочке клиентских сертификатов.
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	638 </para>
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	639
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	640 </directive>
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	641
06322891b4e3 Client certificate directives in mail_ssl_module and associates. Sergey Kandaurov <pluknet@nginx.com> parents: 1266 diff changeset	642
630 a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	643 <directive name="starttls">
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	644 <syntax>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	645 <literal>on</literal> \|
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	646 <literal>off</literal> \|
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	647 <literal>only</literal></syntax>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	648 <default>off</default>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	649 <context>mail</context>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	650 <context>server</context>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	651
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	652 <para>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	653 <list type="tag">
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	654
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	655 <tag-name><literal>on</literal></tag-name>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	656 <tag-desc>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	657 разрешить использование команд <literal>STLS</literal> для POP3
1924 237a10fb98d2 Clarified imap/pop3/smtp_capabilities and starttls interaction. Sergey Kandaurov <pluknet@nginx.com> parents: 1923 diff changeset	658 и <literal>STARTTLS</literal> для IMAP и SMTP;
630 a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	659 </tag-desc>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	660
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	661 <tag-name><literal>off</literal></tag-name>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	662 <tag-desc>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	663 запретить использование команд <literal>STLS</literal>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	664 и <literal>STARTTLS</literal>;
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	665 </tag-desc>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	666
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	667 <tag-name><literal>only</literal></tag-name>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	668 <tag-desc>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	669 требовать предварительного перехода на TLS.
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	670 </tag-desc>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	671
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	672 </list>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	673 </para>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	674
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	675 </directive>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	676
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	677 </section>
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	678
a235ce0f8eef Initial mail proxy server documentation in Russian. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	679 </module>

Mercurial > hg > nginx-site

annotate xml/ru/docs/mail/ngx_mail_ssl_module.xml @ 2769:16f6fa718be2