Mercurial > hg > nginx-site
comparison xml/en/docs/http/configuring_https_servers.xml @ 2948:37e082fd009c
Added TLSv1.3 to the default value of ssl_protocols and friends.
author | Yaroslav Zhuravlev <yar@nginx.com> |
---|---|
date | Fri, 10 Mar 2023 22:17:07 +0000 |
parents | aac9e462320b |
2947:39a5ac34d794 | 2948:37e082fd009c |
---|---|
6 <!DOCTYPE article SYSTEM "../../../../dtd/article.dtd"> | 6 <!DOCTYPE article SYSTEM "../../../../dtd/article.dtd"> |
7 | 7 |
8 <article name="Configuring HTTPS servers" | 8 <article name="Configuring HTTPS servers" |
9 link="/en/docs/http/configuring_https_servers.html" | 9 link="/en/docs/http/configuring_https_servers.html" |
10 lang="en" | 10 lang="en" |
11 rev="13" | 11 rev="14" |
12 author="Igor Sysoev" | 12 author="Igor Sysoev" |
13 editor="Brian Mercer"> | 13 editor="Brian Mercer"> |
14 | 14 |
15 <section> | 15 <section> |
16 | 16 |
29 server { | 29 server { |
30 listen 443 <b>ssl</b>; | 30 listen 443 <b>ssl</b>; |
31 server_name www.example.com; | 31 server_name www.example.com; |
32 ssl_certificate <b>www.example.com.crt</b>; | 32 ssl_certificate <b>www.example.com.crt</b>; |
33 ssl_certificate_key <b>www.example.com.key</b>; | 33 ssl_certificate_key <b>www.example.com.key</b>; |
34 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | 34 ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; |
35 ssl_ciphers HIGH:!aNULL:!MD5; | 35 ssl_ciphers HIGH:!aNULL:!MD5; |
36 ... | 36 ... |
37 } | 37 } |
38 </programlisting> | 38 </programlisting> |
39 | 39 |
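Review bot: The example at line 34 still spells out TLSv1 and TLSv1.1 next to the newly added TLSv1.3, so anyone who copies this server block explicitly enables two protocol versions that RFC 8996 deprecated. Line 64 of the same file says explicit configuration is generally not needed, so consider dropping the ssl_protocols line from the example. Alternatively, show a restricted value such as "ssl_protocols TLSv1.2 TLSv1.3;", which would illustrate what line 60 describes as limiting connections to the strong versions.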
57 The directives <link doc="ngx_http_ssl_module.xml" id="ssl_protocols"/> and | 57 The directives <link doc="ngx_http_ssl_module.xml" id="ssl_protocols"/> and |
58 <link doc="ngx_http_ssl_module.xml" id="ssl_ciphers"/> | 58 <link doc="ngx_http_ssl_module.xml" id="ssl_ciphers"/> |
59 can be used to limit connections | 59 can be used to limit connections |
60 to include only the strong versions and ciphers of SSL/TLS. | 60 to include only the strong versions and ciphers of SSL/TLS. |
61 By default nginx uses | 61 By default nginx uses |
62 “<literal>ssl_protocols TLSv1 TLSv1.1 TLSv1.2</literal>” | 62 “<literal>ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3</literal>” |
63 and “<literal>ssl_ciphers HIGH:!aNULL:!MD5</literal>”, | 63 and “<literal>ssl_ciphers HIGH:!aNULL:!MD5</literal>”, |
64 so configuring them explicitly is generally not needed. | 64 so configuring them explicitly is generally not needed. |
65 Note that default values of these directives were | 65 Note that default values of these directives were |
66 <link id="compatibility">changed</link> several times. | 66 <link id="compatibility">changed</link> several times. |
67 </para> | 67 </para> |
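Review bot: Line 62 states the new default without a version qualifier, while the compatibility entry added in this same change limits it to 1.23.4 and later and to builds where the OpenSSL library supports it. A reader on an older nginx will take "By default nginx uses" at face value and assume TLSv1.3 is on. Suggest adding the version in the sentence itself, for example "By default, since version 1.23.4, nginx uses", rather than relying on the "changed several times" link at lines 65-66.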
108 server_name www.example.com; | 108 server_name www.example.com; |
109 <b>keepalive_timeout 70</b>; | 109 <b>keepalive_timeout 70</b>; |
110 | 110 |
111 ssl_certificate www.example.com.crt; | 111 ssl_certificate www.example.com.crt; |
112 ssl_certificate_key www.example.com.key; | 112 ssl_certificate_key www.example.com.key; |
113 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | 113 ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; |
114 ssl_ciphers HIGH:!aNULL:!MD5; | 114 ssl_ciphers HIGH:!aNULL:!MD5; |
115 ... | 115 ... |
116 </programlisting> | 116 </programlisting> |
117 </para> | 117 </para> |
118 | 118 |
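Review bot: Line 113 is a second hand-maintained copy of the default ssl_protocols value, and this change had to update lines 34, 62 and 113 together to keep them in step. The directive emphasised in this listing is keepalive_timeout at line 109, so the ssl_protocols and ssl_ciphers lines add nothing here beyond restating the defaults. Suggest removing them from this listing so that the next default change cannot leave a stale copy behind.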
444 | 444 |
445 <para> | 445 <para> |
446 <list type="bullet"> | 446 <list type="bullet"> |
447 | 447 |
448 <listitem> | 448 <listitem> |
449 Version 1.23.4 and later: the default SSL protocols are TLSv1, | |
450 TLSv1.1, TLSv1.2, and TLSv1.3 (if supported by the OpenSSL library). | |
451 </listitem> | |
452 | |
453 <listitem> | |
449 Version 1.9.1 and later: the default SSL protocols are TLSv1, | 454 Version 1.9.1 and later: the default SSL protocols are TLSv1, |
450 TLSv1.1, and TLSv1.2 (if supported by the OpenSSL library). | 455 TLSv1.1, and TLSv1.2 (if supported by the OpenSSL library). |
451 </listitem> | 456 </listitem> |
452 | 457 |
453 <listitem> | 458 <listitem> |
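Review bot: In the new entry at lines 449-450, the parenthetical "(if supported by the OpenSSL library)" does not say which library versions qualify, and it is unclear whether it applies to TLSv1.3 alone or to the whole list. TLSv1.3 needs OpenSSL 1.1.1 or later, so naming that version and attaching the condition to TLSv1.3 would let readers tell from their build whether the new default actually takes effect. The wording was carried over from the 1.9.1 entry, where the same ambiguity exists for TLSv1.1 and TLSv1.2.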