Mercurial > hg > nginx-site

comparison xml/en/docs/stream/ngx_stream_ssl_module.xml @ 2948:37e082fd009c

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Added TLSv1.3 to the default value of ssl_protocols and friends.
author Yaroslav Zhuravlev <yar@nginx.com>
date Fri, 10 Mar 2023 22:17:07 +0000
parents 8033ffaedeb9
children 807f064844a5
comparison
equal deleted inserted replaced
2947:39a5ac34d794 2948:37e082fd009c
7 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> 7 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd">
8 8
9 <module name="Module ngx_stream_ssl_module" 9 <module name="Module ngx_stream_ssl_module"
10 link="/en/docs/stream/ngx_stream_ssl_module.html" 10 link="/en/docs/stream/ngx_stream_ssl_module.html"
11 lang="en" 11 lang="en"
12 rev="31"> 12 rev="32">
13 13
14 <section id="summary"> 14 <section id="summary">
15 15
16 <para> 16 <para>
17 The <literal>ngx_stream_ssl_module</literal> module (1.9.0) 17 The <literal>ngx_stream_ssl_module</literal> module (1.9.0)
60 ... 60 ...
61 61
62 server { 62 server {
63 listen 12345 ssl; 63 listen 12345 ssl;
64 64
65 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 65 ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
66 ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5; 66 ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
67 ssl_certificate /usr/local/nginx/conf/cert.pem; 67 ssl_certificate /usr/local/nginx/conf/cert.pem;
68 ssl_certificate_key /usr/local/nginx/conf/cert.key; 68 ssl_certificate_key /usr/local/nginx/conf/cert.key;
69 <emphasis>ssl_session_cache shared:SSL:10m;</emphasis> 69 <emphasis>ssl_session_cache shared:SSL:10m;</emphasis>
70 <emphasis>ssl_session_timeout 10m;</emphasis> 70 <emphasis>ssl_session_timeout 10m;</emphasis>
442 [<literal>SSLv3</literal>] 442 [<literal>SSLv3</literal>]
443 [<literal>TLSv1</literal>] 443 [<literal>TLSv1</literal>]
444 [<literal>TLSv1.1</literal>] 444 [<literal>TLSv1.1</literal>]
445 [<literal>TLSv1.2</literal>] 445 [<literal>TLSv1.2</literal>]
446 [<literal>TLSv1.3</literal>]</syntax> 446 [<literal>TLSv1.3</literal>]</syntax>
447 <default>TLSv1 TLSv1.1 TLSv1.2</default> 447 <default>TLSv1 TLSv1.1 TLSv1.2 TLSv1.3</default>
448 <context>stream</context> 448 <context>stream</context>
449 <context>server</context> 449 <context>server</context>
450 450
451 <para> 451 <para>
452 Enables the specified protocols. 452 Enables the specified protocols.
455 only when OpenSSL 1.0.1 or higher is used. 455 only when OpenSSL 1.0.1 or higher is used.
456 </note> 456 </note>
457 <note> 457 <note>
458 The <literal>TLSv1.3</literal> parameter (1.13.0) works only when 458 The <literal>TLSv1.3</literal> parameter (1.13.0) works only when
459 OpenSSL 1.1.1 or higher is used. 459 OpenSSL 1.1.1 or higher is used.
460 </note>
461 <note>
462 The <literal>TLSv1.3</literal> parameter is used by default
463 since 1.23.4.
460 </note> 464 </note>
461 </para> 465 </para>
462 466
463 </directive> 467 </directive>
464 468