Mercurial > hg > nginx-site
comparison xml/en/docs/http/ngx_http_ssl_module.xml @ 1019:2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Fri, 22 Nov 2013 16:44:41 +0400 |
parents | 95c3c3bbf1ce |
children | f7ca80263893 |
comparison
equal
deleted
inserted
replaced
1018:19129672444e | 1019:2b6a858c60dc |
---|---|
8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> | 8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> |
9 | 9 |
10 <module name="Module ngx_http_ssl_module" | 10 <module name="Module ngx_http_ssl_module" |
11 link="/en/docs/http/ngx_http_ssl_module.html" | 11 link="/en/docs/http/ngx_http_ssl_module.html" |
12 lang="en" | 12 lang="en" |
13 rev="7"> | 13 rev="8"> |
14 | 14 |
15 <section id="summary"> | 15 <section id="summary"> |
16 | 16 |
17 <para> | 17 <para> |
18 The <literal>ngx_http_ssl_module</literal> module provides the | 18 The <literal>ngx_http_ssl_module</literal> module provides the |
343 </para> | 343 </para> |
344 | 344 |
345 </directive> | 345 </directive> |
346 | 346 |
347 | 347 |
348 <directive name="ssl_session_ticket_key"> | |
349 <syntax><value>file</value></syntax> | |
350 <default/> | |
351 <context>http</context> | |
352 <context>server</context> | |
353 <appeared-in>1.5.7</appeared-in> | |
354 | |
355 <para> | |
356 Sets a <value>file</value> with the secret key used to encrypt | |
357 and decrypt TLS session tickets. | |
358 The directive is necessary if the same key has to be shared between | |
359 multiple servers. | |
360 By default, a randomly generated key is used. | |
361 </para> | |
362 | |
363 <para> | |
364 If several keys are specified, only the first key is | |
365 used to encrypt TLS session tickets. | |
366 This allows to configure key rotation, for example: | |
367 <example> | |
368 ssl_session_ticket_key current.key; | |
369 ssl_session_ticket_key previous.key; | |
370 </example> | |
371 </para> | |
372 | |
373 <para> | |
374 The <value>file</value> must contain 48 bytes of random data and can | |
375 be created using the following command: | |
376 <example> | |
377 openssl rand 48 > ticket.key | |
378 </example> | |
379 </para> | |
380 | |
381 </directive> | |
382 | |
383 | |
348 <directive name="ssl_session_timeout"> | 384 <directive name="ssl_session_timeout"> |
349 <syntax><value>time</value></syntax> | 385 <syntax><value>time</value></syntax> |
350 <default>5m</default> | 386 <default>5m</default> |
351 <context>http</context> | 387 <context>http</context> |
352 <context>server</context> | 388 <context>server</context> |