diff xml/en/docs/mail/ngx_mail_ssl_module.xml @ 1266:35d6ac64bf27

Documented five directives in the mail ssl module. The following directives were documented: ssl_ciphers, ssl_dhparam, ssl_ecdh_curve, ssl_password_file, ssl_session_tickets.
author Yaroslav Zhuravlev <yar@nginx.com>
date Tue, 05 Aug 2014 19:07:39 +0400
parents ac131944d349
children 06322891b4e3
--- a/xml/en/docs/mail/ngx_mail_ssl_module.xml	Tue Aug 05 18:00:00 2014 +0400
+++ b/xml/en/docs/mail/ngx_mail_ssl_module.xml	Tue Aug 05 19:07:39 2014 +0400
@@ -10,7 +10,7 @@
 <module name="Module ngx_mail_ssl_module"
         link="/en/docs/mail/ngx_mail_ssl_module.html"
         lang="en"
-        rev="3">
+        rev="4">
 
 <section id="summary">
 
@@ -79,6 +79,106 @@
 </directive>
 
 
+<directive name="ssl_ciphers">
+<syntax><value>ciphers</value></syntax>
+<default>HIGH:!aNULL:!MD5</default>
+<context>mail</context>
+<context>server</context>
+
+<para>
+Specifies the enabled ciphers.
+The ciphers are specified in the format understood by the
+OpenSSL library, for example:
+<example>
+ssl_ciphers ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
+</example>
+</para>
+
+<para>
+The full list can be viewed using the
+“<command>openssl ciphers</command>” command.
+</para>
+
+<para>
+<note>
+The previous versions of nginx used
+<link doc="../http/configuring_https_servers.xml" id="compatibility">different</link>
+ciphers by default.
+</note>
+</para>
+
+</directive>
+
+
+<directive name="ssl_dhparam">
+<syntax><value>file</value></syntax>
+<default/>
+<context>mail</context>
+<context>server</context>
+<appeared-in>0.7.2</appeared-in>
+
+<para>
+Specifies a <value>file</value> with DH parameters for EDH ciphers.
+</para>
+
+</directive>
+
+
+<directive name="ssl_ecdh_curve">
+<syntax><value>curve</value></syntax>
+<default>prime256v1</default>
+<context>mail</context>
+<context>server</context>
+<appeared-in>1.1.0</appeared-in>
+<appeared-in>1.0.6</appeared-in>
+
+<para>
+Specifies a <value>curve</value> for ECDHE ciphers.
+</para>
+
+</directive>
+
+
+<directive name="ssl_password_file">
+<syntax><value>file</value></syntax>
+<default/>
+<context>mail</context>
+<context>server</context>
+<appeared-in>1.7.3</appeared-in>
+
+<para>
+Specifies a <value>file</value> with passphrases for
+<link id="ssl_certificate_key">secret keys</link>
+where each passphrase is specified on a separate line.
+Passphrases are tried in turn when loading the key.
+</para>
+
+<para>
+Example:
+<example>
+mail {
+    ssl_password_file /etc/keys/global.pass;
+    ...
+
+    server {
+        server_name mail1.example.com;
+        ssl_certificate_key /etc/keys/first.key;
+    }
+
+    server {
+        server_name mail2.example.com;
+
+        # named pipe can also be used instead of a file
+        ssl_password_file /etc/keys/fifo;
+        ssl_certificate_key /etc/keys/second.key;
+    }
+}
+</example>
+</para>
+
+</directive>
+
+
 <directive name="ssl_prefer_server_ciphers">
 <syntax><literal>on</literal> | <literal>off</literal></syntax>
 <default>off</default>
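Review bot: The `ssl_ciphers` example (`ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP`) leaves the LOW, EXP and SSLv2 suites enabled, since the `+` prefix only moves them to the end of the list, so a reader who copies it gets a weaker set than the documented default `HIGH:!aNULL:!MD5`. Because `ssl_prefer_server_ciphers` defaults to `off` (context lines at the end of this hunk), that ordering does not stop a client from selecting one of those suites. I would replace the example with one that matches or narrows the default, e.g. `ssl_ciphers HIGH:!aNULL:!MD5;`, or add a sentence saying the string only illustrates the syntax and is not a recommended setting. Separately, the `ssl_password_file` paragraph could state that the file holds the key passphrases in clear text and should be readable only by the account that loads the keys.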
@@ -217,6 +317,21 @@
 </directive>
 
 
+<directive name="ssl_session_tickets">
+<syntax><literal>on</literal> | <literal>off</literal></syntax>
+<default>on</default>
+<context>mail</context>
+<context>server</context>
+<appeared-in>1.5.9</appeared-in>
+
+<para>
+Enables or disables session resumption through
+<link url="http://tools.ietf.org/html/rfc5077">TLS session tickets</link>.
+</para>
+
+</directive>
+
+
 <directive name="ssl_session_timeout">
 <syntax><value>time</value></syntax>
 <default>5m</default>