Mercurial > hg > nginx-site

comparison xml/en/docs/mail/ngx_mail_ssl_module.xml @ 2948:37e082fd009c

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Added TLSv1.3 to the default value of ssl_protocols and friends.
author Yaroslav Zhuravlev <yar@nginx.com>
date Fri, 10 Mar 2023 22:17:07 +0000
parents 8033ffaedeb9
children 2b02fee0d12e
comparison
equal deleted inserted replaced
2947:39a5ac34d794 2948:37e082fd009c
8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> 8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd">
9 9
10 <module name="Module ngx_mail_ssl_module" 10 <module name="Module ngx_mail_ssl_module"
11 link="/en/docs/mail/ngx_mail_ssl_module.html" 11 link="/en/docs/mail/ngx_mail_ssl_module.html"
12 lang="en" 12 lang="en"
13 rev="26"> 13 rev="27">
14 14
15 <section id="summary"> 15 <section id="summary">
16 16
17 <para> 17 <para>
18 The <literal>ngx_mail_ssl_module</literal> module provides the necessary 18 The <literal>ngx_mail_ssl_module</literal> module provides the necessary
67 ... 67 ...
68 68
69 server { 69 server {
70 listen 993 ssl; 70 listen 993 ssl;
71 71
72 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 72 ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
73 ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5; 73 ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
74 ssl_certificate /usr/local/nginx/conf/cert.pem; 74 ssl_certificate /usr/local/nginx/conf/cert.pem;
75 ssl_certificate_key /usr/local/nginx/conf/cert.key; 75 ssl_certificate_key /usr/local/nginx/conf/cert.key;
76 <emphasis>ssl_session_cache shared:SSL:10m;</emphasis> 76 <emphasis>ssl_session_cache shared:SSL:10m;</emphasis>
77 <emphasis>ssl_session_timeout 10m;</emphasis> 77 <emphasis>ssl_session_timeout 10m;</emphasis>
418 [<literal>SSLv3</literal>] 418 [<literal>SSLv3</literal>]
419 [<literal>TLSv1</literal>] 419 [<literal>TLSv1</literal>]
420 [<literal>TLSv1.1</literal>] 420 [<literal>TLSv1.1</literal>]
421 [<literal>TLSv1.2</literal>] 421 [<literal>TLSv1.2</literal>]
422 [<literal>TLSv1.3</literal>]</syntax> 422 [<literal>TLSv1.3</literal>]</syntax>
423 <default>TLSv1 TLSv1.1 TLSv1.2</default> 423 <default>TLSv1 TLSv1.1 TLSv1.2 TLSv1.3</default>
424 <context>mail</context> 424 <context>mail</context>
425 <context>server</context> 425 <context>server</context>
426 426
427 <para> 427 <para>
428 Enables the specified protocols. 428 Enables the specified protocols.
431 (1.1.13, 1.0.12) work only when OpenSSL 1.0.1 or higher is used. 431 (1.1.13, 1.0.12) work only when OpenSSL 1.0.1 or higher is used.
432 </note> 432 </note>
433 <note> 433 <note>
434 The <literal>TLSv1.3</literal> parameter (1.13.0) works only when 434 The <literal>TLSv1.3</literal> parameter (1.13.0) works only when
435 OpenSSL 1.1.1 or higher is used. 435 OpenSSL 1.1.1 or higher is used.
436 </note>
437 <note>
438 The <literal>TLSv1.3</literal> parameter is used by default
439 since 1.23.4.
436 </note> 440 </note>
437 </para> 441 </para>
438 442
439 </directive> 443 </directive>
440 444