Mercurial > hg > nginx-site
comparison xml/en/docs/mail/ngx_mail_ssl_module.xml @ 2948:37e082fd009c
Added TLSv1.3 to the default value of ssl_protocols and friends.
author | Yaroslav Zhuravlev <yar@nginx.com> |
---|---|
date | Fri, 10 Mar 2023 22:17:07 +0000 |
parents | 8033ffaedeb9 |
children | 2b02fee0d12e |
comparison
equal
deleted
inserted
replaced
2947:39a5ac34d794 | 2948:37e082fd009c |
---|---|
8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> | 8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> |
9 | 9 |
10 <module name="Module ngx_mail_ssl_module" | 10 <module name="Module ngx_mail_ssl_module" |
11 link="/en/docs/mail/ngx_mail_ssl_module.html" | 11 link="/en/docs/mail/ngx_mail_ssl_module.html" |
12 lang="en" | 12 lang="en" |
13 rev="26"> | 13 rev="27"> |
14 | 14 |
15 <section id="summary"> | 15 <section id="summary"> |
16 | 16 |
17 <para> | 17 <para> |
18 The <literal>ngx_mail_ssl_module</literal> module provides the necessary | 18 The <literal>ngx_mail_ssl_module</literal> module provides the necessary |
67 ... | 67 ... |
68 | 68 |
69 server { | 69 server { |
70 listen 993 ssl; | 70 listen 993 ssl; |
71 | 71 |
72 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | 72 ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; |
73 ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5; | 73 ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5; |
74 ssl_certificate /usr/local/nginx/conf/cert.pem; | 74 ssl_certificate /usr/local/nginx/conf/cert.pem; |
75 ssl_certificate_key /usr/local/nginx/conf/cert.key; | 75 ssl_certificate_key /usr/local/nginx/conf/cert.key; |
76 <emphasis>ssl_session_cache shared:SSL:10m;</emphasis> | 76 <emphasis>ssl_session_cache shared:SSL:10m;</emphasis> |
77 <emphasis>ssl_session_timeout 10m;</emphasis> | 77 <emphasis>ssl_session_timeout 10m;</emphasis> |
418 [<literal>SSLv3</literal>] | 418 [<literal>SSLv3</literal>] |
419 [<literal>TLSv1</literal>] | 419 [<literal>TLSv1</literal>] |
420 [<literal>TLSv1.1</literal>] | 420 [<literal>TLSv1.1</literal>] |
421 [<literal>TLSv1.2</literal>] | 421 [<literal>TLSv1.2</literal>] |
422 [<literal>TLSv1.3</literal>]</syntax> | 422 [<literal>TLSv1.3</literal>]</syntax> |
423 <default>TLSv1 TLSv1.1 TLSv1.2</default> | 423 <default>TLSv1 TLSv1.1 TLSv1.2 TLSv1.3</default> |
424 <context>mail</context> | 424 <context>mail</context> |
425 <context>server</context> | 425 <context>server</context> |
426 | 426 |
427 <para> | 427 <para> |
428 Enables the specified protocols. | 428 Enables the specified protocols. |
431 (1.1.13, 1.0.12) work only when OpenSSL 1.0.1 or higher is used. | 431 (1.1.13, 1.0.12) work only when OpenSSL 1.0.1 or higher is used. |
432 </note> | 432 </note> |
433 <note> | 433 <note> |
434 The <literal>TLSv1.3</literal> parameter (1.13.0) works only when | 434 The <literal>TLSv1.3</literal> parameter (1.13.0) works only when |
435 OpenSSL 1.1.1 or higher is used. | 435 OpenSSL 1.1.1 or higher is used. |
436 </note> | |
437 <note> | |
438 The <literal>TLSv1.3</literal> parameter is used by default | |
439 since 1.23.4. | |
436 </note> | 440 </note> |
437 </para> | 441 </para> |
438 | 442 |
439 </directive> | 443 </directive> |
440 | 444 |