Mercurial > hg > nginx-site

annotate xml/ru/docs/stream/ngx_stream_ssl_module.xml @ 1520:ed36e909bc79

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Translated stream_ssl_module into Russian.
author Yaroslav Zhuravlev <yar@nginx.com>
date Tue, 30 Jun 2015 17:00:34 +0300
parents xml/en/docs/stream/ngx_stream_ssl_module.xml@3687cc9a3592
children e3d3e2ed4275
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1450
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
1 <?xml version="1.0"?>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
2
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
3 <!--
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
4 Copyright (C) Nginx, Inc.
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
5 -->
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
6
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
7 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd">
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
8
1520
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
9 <module name="Модуль ngx_stream_ssl_module"
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
10 link="/ru/docs/stream/ngx_stream_ssl_module.html"
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
11 lang="ru"
1499
3687cc9a3592 Removed SSLv3 from the default value of ssl_protocols and friends.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1462
diff changeset
12 rev="4">
1450
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
13
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
14 <section id="summary">
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
15
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
16 <para>
1520
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
17 Модуль <literal>ngx_stream_ssl_module</literal> (1.9.0)
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
18 обеспечивает необходимую поддержку для работы
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
19 прокси-сервера по протоколу SSL/TLS.
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
20 По умолчанию этот модуль не собирается, его сборку необходимо
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
21 разрешить с помощью конфигурационного параметра
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
22 <literal>--with-stream_ssl_module</literal>.
1450
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
23 </para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
24
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
25 </section>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
26
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
27
1520
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
28 <section id="directives" name="Директивы">
1450
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
29
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
30 <directive name="ssl_certificate">
1520
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
31 <syntax><value>файл</value></syntax>
1450
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
32 <default/>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
33 <context>stream</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
34 <context>server</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
35
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
36 <para>
1520
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
37 Указывает <value>файл</value> с сертификатом в формате PEM
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
38 для данного сервера.
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
39 Если вместе с основным сертификатом нужно указать промежуточные,
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
40 то они должны находиться в этом же файле в следующем порядке — сначала
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
41 основной сертификат, а затем промежуточные.
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
42 В этом же файле может находиться секретный ключ в формате PEM.
1450
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
43 </para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
44
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
45 </directive>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
46
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
47
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
48 <directive name="ssl_certificate_key">
1520
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
49 <syntax><value>файл</value></syntax>
1450
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
50 <default/>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
51 <context>stream</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
52 <context>server</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
53
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
54 <para>
1520
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
55 Указывает <value>файл</value> с секретным ключом в формате PEM
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
56 для данного сервера.
1456
acba294382d6 Documented engine support in ssl_certificate_key and friends.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1450
diff changeset
57 </para>
acba294382d6 Documented engine support in ssl_certificate_key and friends.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1450
diff changeset
58
acba294382d6 Documented engine support in ssl_certificate_key and friends.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1450
diff changeset
59 <para>
1520
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
60 Вместо <value>файла</value> можно указать значение
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
61 <literal>engine</literal>:<value>имя</value>:<value>id</value>,
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
62 которое загружает ключ с указанным <value>id</value>
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
63 из OpenSSL engine с заданным <value>именем</value>.
1450
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
64 </para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
65
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
66 </directive>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
67
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
68
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
69 <directive name="ssl_ciphers">
1520
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
70 <syntax><value>шифры</value></syntax>
1450
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
71 <default>HIGH:!aNULL:!MD5</default>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
72 <context>stream</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
73 <context>server</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
74
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
75 <para>
1520
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
76 Описывает разрешённые шифры.
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
77 Шифры задаются в формате, поддерживаемом библиотекой
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
78 OpenSSL, например:
1450
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
79 <example>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
80 ssl_ciphers ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
81 </example>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
82 </para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
83
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
84 <para>
1520
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
85 Полный список можно посмотреть с помощью команды
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
86 “<command>openssl ciphers</command>”.
1450
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
87 </para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
88
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
89 </directive>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
90
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
91
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
92 <directive name="ssl_dhparam">
1520
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
93 <syntax><value>файл</value></syntax>
1450
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
94 <default/>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
95 <context>stream</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
96 <context>server</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
97
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
98 <para>
1520
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
99 Указывает <value>файл</value> с параметрами для шифров с обменом EDH-ключами.
1450
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
100 </para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
101
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
102 </directive>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
103
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
104
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
105 <directive name="ssl_ecdh_curve">
1520
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
106 <syntax><value>кривая</value></syntax>
1450
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
107 <default>prime256v1</default>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
108 <context>stream</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
109 <context>server</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
110
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
111 <para>
1520
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
112 Задаёт <value>кривую</value> для ECDHE-шифров.
1450
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
113 </para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
114
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
115 </directive>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
116
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
117
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
118 <directive name="ssl_handshake_timeout">
1520
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
119 <syntax><value>время</value></syntax>
1450
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
120 <default>60s</default>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
121 <context>stream</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
122 <context>server</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
123
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
124 <para>
1520
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
125 Задаёт таймаут для завершения операции SSL handshake.
1450
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
126 </para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
127
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
128 </directive>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
129
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
130
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
131 <directive name="ssl_password_file">
1520
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
132 <syntax><value>файл</value></syntax>
1450
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
133 <default/>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
134 <context>stream</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
135 <context>server</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
136
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
137 <para>
1520
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
138 Задаёт <value>файл</value> с паролями от
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
139 <link id="ssl_certificate_key">секретных ключей</link>,
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
140 где каждый пароль указан на отдельной строке.
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
141 Пароли применяются по очереди в момент загрузки ключа.
1450
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
142 </para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
143
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
144 <para>
1520
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
145 Пример:
1450
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
146 <example>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
147 stream {
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
148 ssl_password_file /etc/keys/global.pass;
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
149 ...
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
150
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
151 server {
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
152 listen 127.0.0.1:12345;
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
153 ssl_certificate_key /etc/keys/first.key;
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
154 }
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
155
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
156 server {
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
157 listen 127.0.0.1:12346;
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
158
1520
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
159 # вместо файла можно указать именованный канал
1450
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
160 ssl_password_file /etc/keys/fifo;
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
161 ssl_certificate_key /etc/keys/second.key;
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
162 }
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
163 }
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
164 </example>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
165 </para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
166
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
167 </directive>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
168
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
169
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
170 <directive name="ssl_prefer_server_ciphers">
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
171 <syntax><literal>on</literal> | <literal>off</literal></syntax>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
172 <default>off</default>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
173 <context>stream</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
174 <context>server</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
175
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
176 <para>
1520
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
177 Указывает, чтобы при использовании протоколов SSLv3 и TLS
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
178 серверные шифры были более приоритетны, чем клиентские.
1450
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
179 </para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
180
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
181 </directive>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
182
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
183
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
184 <directive name="ssl_protocols">
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
185 <syntax>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
186 [<literal>SSLv2</literal>]
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
187 [<literal>SSLv3</literal>]
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
188 [<literal>TLSv1</literal>]
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
189 [<literal>TLSv1.1</literal>]
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
190 [<literal>TLSv1.2</literal>]</syntax>
1499
3687cc9a3592 Removed SSLv3 from the default value of ssl_protocols and friends.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1462
diff changeset
191 <default>TLSv1 TLSv1.1 TLSv1.2</default>
1450
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
192 <context>stream</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
193 <context>server</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
194
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
195 <para>
1520
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
196 Разрешает указанные протоколы.
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
197 Параметры <literal>TLSv1.1</literal> и <literal>TLSv1.2</literal> работают
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
198 только при использовании библиотеки OpenSSL версии 1.0.1 и выше.
1450
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
199 </para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
200
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
201 </directive>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
202
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
203
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
204 <directive name="ssl_session_cache">
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
205 <syntax>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
206 <literal>off</literal> |
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
207 <literal>none</literal> |
1520
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
208 [<literal>builtin</literal>[:<value>размер</value>]]
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
209 [<literal>shared</literal>:<value>название</value>:<value>размер</value>]</syntax>
1450
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
210 <default>none</default>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
211 <context>stream</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
212 <context>server</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
213
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
214 <para>
1520
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
215 Задаёт тип и размеры кэшей для хранения параметров сессий.
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
216 Тип кэша может быть следующим:
1450
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
217 <list type="tag">
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
218
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
219 <tag-name><literal>off</literal></tag-name>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
220 <tag-desc>
1520
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
221 жёсткое запрещение использования кэша сессий:
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
222 nginx явно сообщает клиенту, что сессии не могут использоваться повторно.
1450
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
223 </tag-desc>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
224
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
225 <tag-name><literal>none</literal></tag-name>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
226 <tag-desc>
1520
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
227 мягкое запрещение использования кэша сессий:
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
228 nginx сообщает клиенту, что сессии могут использоваться повторно, но
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
229 на самом деле не хранит параметры сессии в кэше.
1450
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
230 </tag-desc>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
231
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
232 <tag-name><literal>builtin</literal></tag-name>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
233 <tag-desc>
1520
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
234 встроенный в OpenSSL кэш, используется в рамках только одного рабочего процесса.
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
235 Размер кэша задаётся в сессиях.
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
236 Если размер не задан, то он равен 20480 сессиям.
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
237 Использование встроенного кэша может вести к фрагментации памяти.
1450
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
238 </tag-desc>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
239
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
240 <tag-name><literal>shared</literal></tag-name>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
241 <tag-desc>
1520
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
242 кэш, разделяемый между всеми рабочими процессами.
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
243 Размер кэша задаётся в байтах, в 1 мегабайт может поместиться
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
244 около 4000 сессий.
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
245 У каждого разделяемого кэша должно быть произвольное название.
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
246 Кэш с одинаковым названием может использоваться в нескольких
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
247 серверах.
1450
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
248 </tag-desc>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
249
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
250 </list>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
251 </para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
252
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
253 <para>
1520
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
254 Можно использовать одновременно оба типа кэша, например:
1450
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
255 <example>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
256 ssl_session_cache builtin:1000 shared:SSL:10m;
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
257 </example>
1520
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
258 однако использование только разделяемого кэша без встроенного должно
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
259 быть более эффективным.
1450
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
260 </para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
261
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
262 </directive>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
263
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
264
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
265 <directive name="ssl_session_ticket_key">
1520
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
266 <syntax><value>файл</value></syntax>
1450
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
267 <default/>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
268 <context>stream</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
269 <context>server</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
270
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
271 <para>
1520
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
272 Задаёт <value>файл</value> с секретным ключом, применяемым при шифровании и
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
273 расшифровании TLS session tickets.
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
274 Директива необходима, если один и тот же ключ нужно использовать
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
275 на нескольких серверах.
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
276 По умолчанию используется случайно сгенерированный ключ.
1450
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
277 </para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
278
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
279 <para>
1520
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
280 Если указано несколько ключей, то только первый ключ
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
281 используется для шифрования TLS session tickets.
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
282 Это позволяет настроить ротацию ключей, например:
1450
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
283 <example>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
284 ssl_session_ticket_key current.key;
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
285 ssl_session_ticket_key previous.key;
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
286 </example>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
287 </para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
288
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
289 <para>
1520
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
290 <value>Файл</value> должен содержать 48 байт случайных данных и может быть
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
291 создан следующей командой:
1450
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
292 <example>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
293 openssl rand 48 > ticket.key
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
294 </example>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
295 </para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
296
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
297 </directive>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
298
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
299
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
300 <directive name="ssl_session_tickets">
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
301 <syntax><literal>on</literal> | <literal>off</literal></syntax>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
302 <default>on</default>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
303 <context>stream</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
304 <context>server</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
305
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
306 <para>
1520
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
307 Разрешает или запрещает возобновление сессий при помощи
1450
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
308 <link url="http://tools.ietf.org/html/rfc5077">TLS session tickets</link>.
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
309 </para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
310
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
311 </directive>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
312
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
313
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
314 <directive name="ssl_session_timeout">
1520
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
315 <syntax><value>время</value></syntax>
1450
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
316 <default>5m</default>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
317 <context>stream</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
318 <context>server</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
319
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
320 <para>
1520
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
321 Задаёт время, в течение которого клиент может повторно
ed36e909bc79 Translated stream_ssl_module into Russian.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
322 использовать параметры сессии, хранящейся в кэше.
1450
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
323 </para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
324
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
325 </directive>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
326
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
327 </section>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
328
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
329 </module>