Mercurial > hg > nginx-site

comparison xml/en/docs/http/ngx_http_ssl_module.xml @ 2831:4add6ae1296f

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Updated links to datatracker.ietf.org.
author Sergey Kandaurov <pluknet@nginx.com>
date Wed, 26 Jan 2022 16:26:47 +0300
parents 4b73197f8ca9
children 92e5dca02091
comparison
equal deleted inserted replaced
2830:419b081fd2fa 2831:4add6ae1296f
378 <context>server</context> 378 <context>server</context>
379 <appeared-in>1.15.3</appeared-in> 379 <appeared-in>1.15.3</appeared-in>
380 380
381 <para> 381 <para>
382 Enables or disables TLS 1.3 382 Enables or disables TLS 1.3
383 <link url="https://tools.ietf.org/html/rfc8446#section-2.3">early data</link>. 383 <link url="https://datatracker.ietf.org/doc/html/rfc8446#section-2.3">early data</link>.
384 <note> 384 <note>
385 Requests sent within early data are subject to 385 Requests sent within early data are subject to
386 <link url="https://tools.ietf.org/html/rfc8470">replay attacks</link>. 386 <link url="https://datatracker.ietf.org/doc/html/rfc8470">replay attacks</link>.
387 To protect against such attacks at the application layer, 387 To protect against such attacks at the application layer,
388 the <link id="var_ssl_early_data">$ssl_early_data</link> variable 388 the <link id="var_ssl_early_data">$ssl_early_data</link> variable
389 should be used. 389 should be used.
390 </note> 390 </note>
391 391
516 <context>server</context> 516 <context>server</context>
517 <appeared-in>1.19.0</appeared-in> 517 <appeared-in>1.19.0</appeared-in>
518 518
519 <para> 519 <para>
520 Overrides the URL of the OCSP responder specified in the 520 Overrides the URL of the OCSP responder specified in the
521 “<link url="https://tools.ietf.org/html/rfc5280#section-4.2.2.1">Authority 521 “<link url="https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.2.1">Authority
522 Information Access</link>” certificate extension 522 Information Access</link>” certificate extension
523 for <link id="ssl_ocsp">validation</link> of client certificates. 523 for <link id="ssl_ocsp">validation</link> of client certificates.
524 </para> 524 </para>
525 525
526 <para> 526 <para>
752 <context>server</context> 752 <context>server</context>
753 <appeared-in>1.5.9</appeared-in> 753 <appeared-in>1.5.9</appeared-in>
754 754
755 <para> 755 <para>
756 Enables or disables session resumption through 756 Enables or disables session resumption through
757 <link url="https://tools.ietf.org/html/rfc5077">TLS session tickets</link>. 757 <link url="https://datatracker.ietf.org/doc/html/rfc5077">TLS session tickets</link>.
758 </para> 758 </para>
759 759
760 </directive> 760 </directive>
761 761
762 762
781 <context>server</context> 781 <context>server</context>
782 <appeared-in>1.3.7</appeared-in> 782 <appeared-in>1.3.7</appeared-in>
783 783
784 <para> 784 <para>
785 Enables or disables 785 Enables or disables
786 <link url="https://tools.ietf.org/html/rfc6066#section-8">stapling 786 <link url="https://datatracker.ietf.org/doc/html/rfc6066#section-8">stapling
787 of OCSP responses</link> by the server. 787 of OCSP responses</link> by the server.
788 Example: 788 Example:
789 <example> 789 <example>
790 ssl_stapling on; 790 ssl_stapling on;
791 resolver 192.0.2.1; 791 resolver 192.0.2.1;
839 <context>server</context> 839 <context>server</context>
840 <appeared-in>1.3.7</appeared-in> 840 <appeared-in>1.3.7</appeared-in>
841 841
842 <para> 842 <para>
843 Overrides the URL of the OCSP responder specified in the 843 Overrides the URL of the OCSP responder specified in the
844 “<link url="https://tools.ietf.org/html/rfc5280#section-4.2.2.1">Authority 844 “<link url="https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.2.1">Authority
845 Information Access</link>” certificate extension. 845 Information Access</link>” certificate extension.
846 </para> 846 </para>
847 847
848 <para> 848 <para>
849 Only “<literal>http://</literal>” OCSP responders are supported: 849 Only “<literal>http://</literal>” OCSP responders are supported:
1040 1040
1041 <tag-name id="var_ssl_client_i_dn"><var>$ssl_client_i_dn</var></tag-name> 1041 <tag-name id="var_ssl_client_i_dn"><var>$ssl_client_i_dn</var></tag-name>
1042 <tag-desc> 1042 <tag-desc>
1043 returns the “issuer DN” string of the client certificate 1043 returns the “issuer DN” string of the client certificate
1044 for an established SSL connection according to 1044 for an established SSL connection according to
1045 <link url="https://tools.ietf.org/html/rfc2253">RFC 2253</link> (1.11.6); 1045 <link url="https://datatracker.ietf.org/doc/html/rfc2253">RFC 2253</link> (1.11.6);
1046 </tag-desc> 1046 </tag-desc>
1047 1047
1048 <tag-name id="var_ssl_client_i_dn_legacy"><var>$ssl_client_i_dn_legacy</var></tag-name> 1048 <tag-name id="var_ssl_client_i_dn_legacy"><var>$ssl_client_i_dn_legacy</var></tag-name>
1049 <tag-desc> 1049 <tag-desc>
1050 returns the “issuer DN” string of the client certificate 1050 returns the “issuer DN” string of the client certificate
1063 1063
1064 <tag-name id="var_ssl_client_s_dn"><var>$ssl_client_s_dn</var></tag-name> 1064 <tag-name id="var_ssl_client_s_dn"><var>$ssl_client_s_dn</var></tag-name>
1065 <tag-desc> 1065 <tag-desc>
1066 returns the “subject DN” string of the client certificate 1066 returns the “subject DN” string of the client certificate
1067 for an established SSL connection according to 1067 for an established SSL connection according to
1068 <link url="https://tools.ietf.org/html/rfc2253">RFC 2253</link> (1.11.6); 1068 <link url="https://datatracker.ietf.org/doc/html/rfc2253">RFC 2253</link> (1.11.6);
1069 </tag-desc> 1069 </tag-desc>
1070 1070
1071 <tag-name id="var_ssl_client_s_dn_legacy"><var>$ssl_client_s_dn_legacy</var></tag-name> 1071 <tag-name id="var_ssl_client_s_dn_legacy"><var>$ssl_client_s_dn_legacy</var></tag-name>
1072 <tag-desc> 1072 <tag-desc>
1073 returns the “subject DN” string of the client certificate 1073 returns the “subject DN” string of the client certificate