Mercurial > hg > nginx-site
comparison xml/en/docs/http/configuring_https_servers.xml @ 374:a413dffb0557
Replaced "a href" with "link doc" / "link url".
author | Ruslan Ermilov <ru@nginx.com> |
---|---|
date | Mon, 30 Jan 2012 10:39:42 +0000 |
parents | 95d5dc7c9884 |
children | b83d332fbdaa |
comparison
equal
deleted
inserted
replaced
373:e179a6487bbd | 374:a413dffb0557 |
---|---|
55 </para> | 55 </para> |
56 | 56 |
57 <para> | 57 <para> |
58 CBC-mode ciphers might be vulnerable to a number of attacks and to | 58 CBC-mode ciphers might be vulnerable to a number of attacks and to |
59 the BEAST attack in particular (see | 59 the BEAST attack in particular (see |
60 <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389">CVE-2011-3389</a>). | 60 <link url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389">CVE-2011-3389</link>). |
61 Configuration of ciphers can be adjusted to prefer RC4-SHA as the following: | 61 Configuration of ciphers can be adjusted to prefer RC4-SHA as the following: |
62 | 62 |
63 <programlisting> | 63 <programlisting> |
64 ssl_ciphers RC4:HIGH:!aNULL:!MD5; | 64 ssl_ciphers RC4:HIGH:!aNULL:!MD5; |
65 ssl_prefer_server_ciphers on; | 65 ssl_prefer_server_ciphers on; |
360 <section id="sni" name="Server Name Indication"> | 360 <section id="sni" name="Server Name Indication"> |
361 | 361 |
362 <para> | 362 <para> |
363 A more generic solution for running several HTTPS servers on a single | 363 A more generic solution for running several HTTPS servers on a single |
364 IP address is | 364 IP address is |
365 <a href="http://en.wikipedia.org/wiki/Server_Name_Indication">TLSv1.1 | 365 <link url="http://en.wikipedia.org/wiki/Server_Name_Indication">TLSv1.1 |
366 Server Name Indication extension</a> (SNI, RFC3546), | 366 Server Name Indication extension</link> (SNI, RFC3546), |
367 which allows a browser to pass a requested server name during the SSL handshake | 367 which allows a browser to pass a requested server name during the SSL handshake |
368 and, therefore, the server will know which certificate it should use | 368 and, therefore, the server will know which certificate it should use |
369 for the connection. | 369 for the connection. |
370 However, SNI has limited browser support. | 370 However, SNI has limited browser support. |
371 Currently it is supported starting with the following browsers versions: | 371 Currently it is supported starting with the following browsers versions: |