nginx-site: xml/en/docs/http/ngx_http_ssl

comparison xml/en/docs/http/ngx_http_ssl_module.xml @ 966:95c3c3bbf1ce

Text review.

author	Egor Nikitin <yegor.nikitin@gmail.com>
date	Wed, 14 Aug 2013 12:03:41 +0400
parents	d7f2325fa832
children	2b6a858c60dc

comparison

equal deleted inserted replaced

-:fadccc156188
+:95c3c3bbf1ce
 <listitem>
 enable keep-alive connections,
 </listitem>
 <listitem>
-enable shared session cache,
+enable the shared session cache,
 </listitem>
 <listitem>
-disable built-in session cache,
+disable the built-in session cache,
 </listitem>
 <listitem>
 and possibly increase the session lifetime (by default, 5 minutes):
 </listitem>
 <default/>
 <context>http</context>
 <context>server</context>
 <para>
-Specifies a <value>file</value> with a certificate in the PEM format
+Specifies a <value>file</value> with the certificate in the PEM format
 for the given virtual server.
 If intermediate certificates should be specified in addition
 to a primary certificate, they should be specified in the same file
 in the following order: the primary certificate comes first, then
 the intermediate certificates.
 <default/>
 <context>http</context>
 <context>server</context>
 <para>
-Specifies a <value>file</value> with a secret key in the PEM format
+Specifies a <value>file</value> with the secret key in the PEM format
 for the given virtual server.
 </para>
 </directive>
 <context>http</context>
 <context>server</context>
 <para>
 Enables the specified protocols.
-The parameters <literal>TLSv1.1</literal> and <literal>TLSv1.2</literal> work
+The <literal>TLSv1.1</literal> and <literal>TLSv1.2</literal> parameters work
-only when using the OpenSSL library version 1.0.1 and higher.
+only when the OpenSSL library of version 1.0.1 or higher is used.
 <note>
-The parameters <literal>TLSv1.1</literal> and <literal>TLSv1.2</literal> are
+The <literal>TLSv1.1</literal> and <literal>TLSv1.2</literal> parameters are
-supported starting from versions 1.1.13 and 1.0.12
+supported starting from versions 1.1.13 and 1.0.12,
-so when using OpenSSL version 1.0.1
+so when the OpenSSL version 1.0.1 or higher
-and higher on older nginx versions these protocols will work but could not
+is used on older nginx versions, these protocols work, but cannot
 be disabled.
 </note>
 </para>
 </directive>
 <default>none</default>
 <context>http</context>
 <context>server</context>
 <para>
-Sets types and sizes of caches that store session parameters.
+Sets the types and sizes of caches that store session parameters.
-A cache can be any of the following types:
+A cache can be of any of the following types:
 <list type="tag">
 <tag-name><literal>off</literal></tag-name>
 <tag-desc>
-the use of session cache is strictly prohibited:
+the use of a session cache is strictly prohibited:
 nginx explicitly tells a client that sessions may not be reused.
 </tag-desc>
 <tag-name><literal>none</literal></tag-name>
 <tag-desc>
-the use of session cache is gently disallowed:
+the use of a session cache is gently disallowed:
 nginx tells a client that sessions may be reused, but does not
-actually do that.
+actually store session parameters in the cache.
 </tag-desc>
 <tag-name><literal>builtin</literal></tag-name>
 <tag-desc>
 a cache built in OpenSSL; used by one worker process only.
 Use of the built-in cache can cause memory fragmentation.
 </tag-desc>
 <tag-name><literal>shared</literal></tag-name>
 <tag-desc>
-shared between all worker processes.
+a cache shared between all worker processes.
 The cache size is specified in bytes; one megabyte can store
 about 4000 sessions.
 Each shared cache should have an arbitrary name.
 A cache with the same name can be used in several virtual servers.
 </tag-desc>
 resolver 192.0.2.1;
 </example>
 </para>
 <para>
-For the OCSP stapling to work, the certificate of the issuer of the server
+For the OCSP stapling to work, the certificate of the server certificate
-certificate should be known.
+issuer should be known.
 If the <link id="ssl_certificate"/> file does
 not contain intermediate certificates,
-the certificate of the issuer of the server certificate should be
+the certificate of the server certificate issuer should be
 present in the
 <link id="ssl_trusted_certificate"/> file.
 </para>
 <para>
-The <link doc="ngx_http_core_module.xml" id="resolver"/> directive
+For a resolution of the OCSP responder hostname,
-should also be specified to allow for a resolution
+the <link doc="ngx_http_core_module.xml" id="resolver"/> directive
-of an OCSP responder hostname.
+should also be specified.
 </para>
 </directive>
 <context>http</context>
 <context>server</context>
 <appeared-in>1.3.7</appeared-in>
 <para>
-Overrides the URL of OCSP responder specified in the
+Overrides the URL of the OCSP responder specified in the
 “<link url="http://tools.ietf.org/html/rfc5280#section-4.2.2.1">Authority
 Information Access</link>” certificate extension.
 </para>
 <para>
 <para>
 Enables or disables verification of OCSP responses by the server.
 </para>
 <para>
-For verification to work, the certificate of the issuer of the server
+For verification to work, the certificate of the server certificate
-certificate, the root certificate, and all intermediate certificates
+issuer, the root certificate, and all intermediate certificates
 should be configured as trusted using the
 <link id="ssl_trusted_certificate"/> directive.
 </para>
 </directive>
 used to verify client certificates and
 OCSP responses if <link id="ssl_stapling"/> is enabled.
 </para>
 <para>
-In contrast to <link id="ssl_client_certificate"/>, the list of these
+In contrast to the certificate set by <link id="ssl_client_certificate"/>,
-certificates will not be sent to clients.
+the list of these certificates will not be sent to clients.
 </para>
 </directive>
 <context>http</context>
 <context>server</context>
 <para>
 Enables verification of client certificates.
-The result of verification is stored in the
+The verification result is stored in the
 <var>$ssl_client_verify</var> variable.
 </para>
 <para>
 The <literal>optional</literal> parameter (0.8.7+) requests the client
-certificate, and if certificate was present, verifies it.
+certificate and verifies it if the certificate is present.
 </para>
 <para>
 The <literal>optional_no_ca</literal> parameter (1.3.8, 1.2.5)
 requests the client
 certificate but does not require it to be signed by a trusted CA certificate.
-This is intended for the use in cases where actual certificate verification
+This is intended for the use in cases when a service that is external to nginx
-is performed by a service that is external to nginx.
+performs the actual certificate verification.
-The contents of a certificate is made available through the
+The contents of the certificate is accessible through the
 <var>$ssl_client_cert</var> variable.
 </para>
 </directive>
 <default>1</default>
 <context>http</context>
 <context>server</context>
 <para>
-Sets a verification depth in the client certificates chain.
+Sets the verification depth in the client certificates chain.
 </para>
 </directive>
 </section>
 an error has occurred during the client certificate verification;
 </tag-desc>
 <tag-name>496</tag-name>
 <tag-desc>
-a client did not present the required certificate;
+a client has not presented the required certificate;
 </tag-desc>
 <tag-name>497</tag-name>
 <tag-desc>
-a regular request was sent to the HTTPS port.
+a regular request has been sent to the HTTPS port.
 </tag-desc>
 </list>
 </para>
 <para>
-A redirection happens after the request was fully parsed and
+The redirection happens after the request is fully parsed and
-variables such as <var>$request_uri</var>,
+the variables, such as <var>$request_uri</var>,
-<var>$uri</var>, <var>$args</var> and others were made available.
+<var>$uri</var>, <var>$args</var> and others, are available.
 </para>
 </section>

Mercurial > hg > nginx-site

comparison xml/en/docs/http/ngx_http_ssl_module.xml @ 966:95c3c3bbf1ce