Mercurial > hg > nginx-site

view xml/en/docs/http/ngx_http_ssl_module.xml @ 1054:c5793e5c30d4

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Documented the "ssl_ecdh_curve" directive.
author Maxim Dounin <mdounin@mdounin.ru>
date Wed, 29 Jan 2014 19:30:25 +0400
parents f7ca80263893
children e26a9f598e40
line wrap: on
line source

<?xml version="1.0"?>

<!--
  Copyright (C) Igor Sysoev
  Copyright (C) Nginx, Inc.
  -->

<!DOCTYPE module SYSTEM "../../../../dtd/module.dtd">

<module name="Module ngx_http_ssl_module"
        link="/en/docs/http/ngx_http_ssl_module.html"
        lang="en"
        rev="10">

<section id="summary">

<para>
The <literal>ngx_http_ssl_module</literal> module provides the
necessary support for HTTPS.
</para>

<para>
This module is not built by default, it should be enabled with the
<literal>--with-http_ssl_module</literal>
configuration parameter.
<note>
This module requires the
<link url="http://www.openssl.org">OpenSSL</link> library.
</note>
</para>

</section>


<section id="example" name="Example Configuration">

<para>
To reduce the processor load it is recommended to
<list type="bullet">

<listitem>
set the number of worker processes equal to the number of processors,
</listitem>

<listitem>
enable keep-alive connections,
</listitem>

<listitem>
enable the shared session cache,
</listitem>

<listitem>
disable the built-in session cache,
</listitem>

<listitem>
and possibly increase the session lifetime (by default, 5 minutes):
</listitem>

</list>

<example>
<emphasis>worker_processes auto;</emphasis>

http {

    ...

    server {
        listen              443 ssl;
        <emphasis>keepalive_timeout   70;</emphasis>

        ssl_protocols       SSLv3 TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers         AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
        ssl_certificate     /usr/local/nginx/conf/cert.pem;
        ssl_certificate_key /usr/local/nginx/conf/cert.key;
        <emphasis>ssl_session_cache   shared:SSL:10m;</emphasis>
        <emphasis>ssl_session_timeout 10m;</emphasis>

        ...
    }
</example>
</para>

</section>


<section id="directives" name="Directives">

<directive name="ssl">
<syntax><literal>on</literal> | <literal>off</literal></syntax>
<default>off</default>
<context>http</context>
<context>server</context>

<para>
Enables the HTTPS protocol for the given virtual server.
<note>
It is recommended to use the <literal>ssl</literal> parameter of the
<link doc="ngx_http_core_module.xml" id="listen"/> directive instead
of this directive.
</note>
</para>

</directive>


<directive name="ssl_buffer_size">
<syntax><value>size</value></syntax>
<default>16k</default>
<context>http</context>
<context>server</context>
<appeared-in>1.5.9</appeared-in>

<para>
Sets the size of the buffer used for sending data.
</para>

<para>
By default, the buffer size is 16k, which corresponds to minimal
overhead when sending big responses.
To minimize Time To First Byte it may be beneficial to use smaller values,
for example:
<example>
ssl_buffer_size 4k;
</example>
</para>

</directive>


<directive name="ssl_certificate">
<syntax><value>file</value></syntax>
<default/>
<context>http</context>
<context>server</context>

<para>
Specifies a <value>file</value> with the certificate in the PEM format
for the given virtual server.
If intermediate certificates should be specified in addition
to a primary certificate, they should be specified in the same file
in the following order: the primary certificate comes first, then
the intermediate certificates.
A secret key in the PEM format may be placed in the same file.
</para>

<para>
It should be kept in mind that due to the HTTPS protocol limitations
virtual servers should listen on different IP addresses:
<example>
server {
    listen          192.168.1.1:443;
    server_name     one.example.com;
    ssl_certificate /usr/local/nginx/conf/one.example.com.cert;
    ...
}

server {
    listen          192.168.1.2:443;
    server_name     two.example.com;
    ssl_certificate /usr/local/nginx/conf/two.example.com.cert;
    ...
}
</example>
otherwise
<link doc="configuring_https_servers.xml"
    id="name_based_https_servers">the first server’s certificate</link>
will be issued for the second site.
</para>

</directive>


<directive name="ssl_certificate_key">
<syntax><value>file</value></syntax>
<default/>
<context>http</context>
<context>server</context>

<para>
Specifies a <value>file</value> with the secret key in the PEM format
for the given virtual server.
</para>

</directive>


<directive name="ssl_ciphers">
<syntax><value>ciphers</value></syntax>
<default>HIGH:!aNULL:!MD5</default>
<context>http</context>
<context>server</context>

<para>
Specifies the enabled ciphers.
The ciphers are specified in the format understood by the
OpenSSL library, for example:
<example>
ssl_ciphers ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
</example>
</para>

<para>
The full list can be viewed using the
“<command>openssl ciphers</command>” command.
</para>

<para>
<note>
The previous versions of nginx used
<link doc="configuring_https_servers.xml" id="compatibility">different</link>
ciphers by default.
</note>
</para>

</directive>


<directive name="ssl_client_certificate">
<syntax><value>file</value></syntax>
<default/>
<context>http</context>
<context>server</context>

<para>
Specifies a <value>file</value> with trusted CA certificates in the PEM format
used to verify client certificates and
OCSP responses if <link id="ssl_stapling"/> is enabled.
</para>

<para>
The list of certificates will be sent to clients.
If this is not desired, the <link id="ssl_trusted_certificate"/>
directive can be used.
</para>

</directive>


<directive name="ssl_crl">
<syntax><value>file</value></syntax>
<default/>
<context>http</context>
<context>server</context>
<appeared-in>0.8.7</appeared-in>

<para>
Specifies a <value>file</value> with revoked certificates (CRL)
in the PEM format used to verify client certificates.
</para>

</directive>


<directive name="ssl_dhparam">
<syntax><value>file</value></syntax>
<default/>
<context>http</context>
<context>server</context>
<appeared-in>0.7.2</appeared-in>

<para>
Specifies a <value>file</value> with DH parameters for EDH ciphers.
</para>

</directive>


<directive name="ssl_ecdh_curve">
<syntax><value>curve</value></syntax>
<default>prime256v1</default>
<context>http</context>
<context>server</context>
<appeared-in>1.1.0</appeared-in>
<appeared-in>1.0.6</appeared-in>

<para>
Specifies a <value>curve</value> for ECDHE ciphers.
</para>

</directive>


<directive name="ssl_prefer_server_ciphers">
<syntax><literal>on</literal> | <literal>off</literal></syntax>
<default>off</default>
<context>http</context>
<context>server</context>

<para>
Specifies that server ciphers should be preferred over client
ciphers when using the SSLv3 and TLS protocols.
</para>

</directive>


<directive name="ssl_protocols">
<syntax>
    [<literal>SSLv2</literal>]
    [<literal>SSLv3</literal>]
    [<literal>TLSv1</literal>]
    [<literal>TLSv1.1</literal>]
    [<literal>TLSv1.2</literal>]</syntax>
<default>SSLv3 TLSv1 TLSv1.1 TLSv1.2</default>
<context>http</context>
<context>server</context>

<para>
Enables the specified protocols.
The <literal>TLSv1.1</literal> and <literal>TLSv1.2</literal> parameters work
only when the OpenSSL library of version 1.0.1 or higher is used.
<note>
The <literal>TLSv1.1</literal> and <literal>TLSv1.2</literal> parameters are
supported starting from versions 1.1.13 and 1.0.12,
so when the OpenSSL version 1.0.1 or higher
is used on older nginx versions, these protocols work, but cannot
be disabled.
</note>
</para>

</directive>


<directive name="ssl_session_cache">
<syntax>
    <literal>off</literal> |
    <literal>none</literal> |
    [<literal>builtin</literal>[:<value>size</value>]]
    [<literal>shared</literal>:<value>name</value>:<value>size</value>]</syntax>
<default>none</default>
<context>http</context>
<context>server</context>

<para>
Sets the types and sizes of caches that store session parameters.
A cache can be of any of the following types:
<list type="tag">

<tag-name><literal>off</literal></tag-name>
<tag-desc>
the use of a session cache is strictly prohibited:
nginx explicitly tells a client that sessions may not be reused.
</tag-desc>

<tag-name><literal>none</literal></tag-name>
<tag-desc>
the use of a session cache is gently disallowed:
nginx tells a client that sessions may be reused, but does not
actually store session parameters in the cache.
</tag-desc>

<tag-name><literal>builtin</literal></tag-name>
<tag-desc>
a cache built in OpenSSL; used by one worker process only.
The cache size is specified in sessions.
If size is not given, it is equal to 20480 sessions.
Use of the built-in cache can cause memory fragmentation.
</tag-desc>

<tag-name><literal>shared</literal></tag-name>
<tag-desc>
a cache shared between all worker processes.
The cache size is specified in bytes; one megabyte can store
about 4000 sessions.
Each shared cache should have an arbitrary name.
A cache with the same name can be used in several virtual servers.
</tag-desc>

</list>
</para>

<para>
Both cache types can be used simultaneously, for example:
<example>
ssl_session_cache builtin:1000 shared:SSL:10m;
</example>
but using only shared cache without the built-in cache should
be more efficient.
</para>

</directive>


<directive name="ssl_session_ticket_key">
<syntax><value>file</value></syntax>
<default/>
<context>http</context>
<context>server</context>
<appeared-in>1.5.7</appeared-in>

<para>
Sets a <value>file</value> with the secret key used to encrypt
and decrypt TLS session tickets.
The directive is necessary if the same key has to be shared between
multiple servers.
By default, a randomly generated key is used.
</para>

<para>
If several keys are specified, only the first key is
used to encrypt TLS session tickets.
This allows to configure key rotation, for example:
<example>
ssl_session_ticket_key current.key;
ssl_session_ticket_key previous.key;
</example>
</para>

<para>
The <value>file</value> must contain 48 bytes of random data and can
be created using the following command:
<example>
openssl rand 48 > ticket.key
</example>
</para>

</directive>


<directive name="ssl_session_timeout">
<syntax><value>time</value></syntax>
<default>5m</default>
<context>http</context>
<context>server</context>

<para>
Specifies a time during which a client may reuse the
session parameters stored in a cache.
</para>

</directive>


<directive name="ssl_stapling">
<syntax><literal>on</literal> | <literal>off</literal></syntax>
<default>off</default>
<context>http</context>
<context>server</context>
<appeared-in>1.3.7</appeared-in>

<para>
Enables or disables
<link url="http://tools.ietf.org/html/rfc4366#section-3.6">stapling
of OCSP responses</link> by the server.
Example:
<example>
ssl_stapling on;
resolver 192.0.2.1;
</example>
</para>

<para>
For the OCSP stapling to work, the certificate of the server certificate
issuer should be known.
If the <link id="ssl_certificate"/> file does
not contain intermediate certificates,
the certificate of the server certificate issuer should be
present in the
<link id="ssl_trusted_certificate"/> file.
</para>

<para>
For a resolution of the OCSP responder hostname,
the <link doc="ngx_http_core_module.xml" id="resolver"/> directive
should also be specified.
</para>

</directive>


<directive name="ssl_stapling_file">
<syntax><value>file</value></syntax>
<default/>
<context>http</context>
<context>server</context>
<appeared-in>1.3.7</appeared-in>

<para>
When set, the stapled OCSP response will be taken from the
specified <value>file</value> instead of querying
the OCSP responder specified in the server certificate.
</para>

<para>
The file should be in the DER format as produced by the
“<literal>openssl ocsp</literal>” command.
</para>

</directive>


<directive name="ssl_stapling_responder">
<syntax><value>url</value></syntax>
<default/>
<context>http</context>
<context>server</context>
<appeared-in>1.3.7</appeared-in>

<para>
Overrides the URL of the OCSP responder specified in the
“<link url="http://tools.ietf.org/html/rfc5280#section-4.2.2.1">Authority
Information Access</link>” certificate extension.
</para>

<para>
Only “<literal>http://</literal>” OCSP responders are supported:
<example>
ssl_stapling_responder http://ocsp.example.com/;
</example>
</para>

</directive>


<directive name="ssl_stapling_verify">
<syntax><literal>on</literal> | <literal>off</literal></syntax>
<default>off</default>
<context>http</context>
<context>server</context>
<appeared-in>1.3.7</appeared-in>

<para>
Enables or disables verification of OCSP responses by the server.
</para>

<para>
For verification to work, the certificate of the server certificate
issuer, the root certificate, and all intermediate certificates
should be configured as trusted using the
<link id="ssl_trusted_certificate"/> directive.
</para>

</directive>


<directive name="ssl_trusted_certificate">
<syntax><value>file</value></syntax>
<default/>
<context>http</context>
<context>server</context>
<appeared-in>1.3.7</appeared-in>

<para>
Specifies a <value>file</value> with trusted CA certificates in the PEM format
used to verify client certificates and
OCSP responses if <link id="ssl_stapling"/> is enabled.
</para>

<para>
In contrast to the certificate set by <link id="ssl_client_certificate"/>,
the list of these certificates will not be sent to clients.
</para>

</directive>


<directive name="ssl_verify_client">
<syntax>
    <literal>on</literal> | <literal>off</literal> |
    <literal>optional</literal> | <literal>optional_no_ca</literal></syntax>
<default>off</default>
<context>http</context>
<context>server</context>

<para>
Enables verification of client certificates.
The verification result is stored in the
<var>$ssl_client_verify</var> variable.
</para>

<para>
The <literal>optional</literal> parameter (0.8.7+) requests the client
certificate and verifies it if the certificate is present.
</para>

<para>
The <literal>optional_no_ca</literal> parameter (1.3.8, 1.2.5)
requests the client
certificate but does not require it to be signed by a trusted CA certificate.
This is intended for the use in cases when a service that is external to nginx
performs the actual certificate verification.
The contents of the certificate is accessible through the
<var>$ssl_client_cert</var> variable.
</para>

</directive>


<directive name="ssl_verify_depth">
<syntax><value>number</value></syntax>
<default>1</default>
<context>http</context>
<context>server</context>

<para>
Sets the verification depth in the client certificates chain.
</para>

</directive>

</section>


<section id="errors" name="Error Processing">

<para>
The <literal>ngx_http_ssl_module</literal> module supports several
non-standard error codes that can be used for redirects using the
<link doc="ngx_http_core_module.xml" id="error_page"/> directive:
<list type="tag">

<tag-name>495</tag-name>
<tag-desc>
an error has occurred during the client certificate verification;
</tag-desc>

<tag-name>496</tag-name>
<tag-desc>
a client has not presented the required certificate;
</tag-desc>

<tag-name>497</tag-name>
<tag-desc>
a regular request has been sent to the HTTPS port.
</tag-desc>

</list>
</para>

<para>
The redirection happens after the request is fully parsed and
the variables, such as <var>$request_uri</var>,
<var>$uri</var>, <var>$args</var> and others, are available.
</para>

</section>


<section id="variables" name="Embedded Variables">

<para>
The <literal>ngx_http_ssl_module</literal> module supports
several embedded variables:
<list type="tag">

<tag-name><var>$ssl_cipher</var></tag-name>
<tag-desc>
returns the string of ciphers used
for an established SSL connection;
</tag-desc>

<tag-name><var>$ssl_client_cert</var></tag-name>
<tag-desc>
returns the client certificate in the PEM format
for an established SSL connection, with each line except the first
prepended with the tab character;
this is intended for the use in the
<link doc="ngx_http_proxy_module.xml" id="proxy_set_header"/> directive;
</tag-desc>

<tag-name><var>$ssl_client_raw_cert</var></tag-name>
<tag-desc>
returns the client certificate in the PEM format
for an established SSL connection;
</tag-desc>

<tag-name><var>$ssl_client_serial</var></tag-name>
<tag-desc>
returns the serial number of the client certificate
for an established SSL connection;
</tag-desc>

<tag-name><var>$ssl_client_s_dn</var></tag-name>
<tag-desc>
returns the “subject DN” string of the client certificate
for an established SSL connection;
</tag-desc>

<tag-name><var>$ssl_client_i_dn</var></tag-name>
<tag-desc>
returns the “issuer DN” string of the client certificate
for an established SSL connection;
</tag-desc>

<tag-name><var>$ssl_client_verify</var></tag-name>
<tag-desc>
returns the result of client certificate verification:
“<literal>SUCCESS</literal>”, “<literal>FAILED</literal>”, and
“<literal>NONE</literal>” if a certificate was not present;
</tag-desc>

<tag-name><var>$ssl_protocol</var></tag-name>
<tag-desc>
returns the protocol of an established SSL connection;
</tag-desc>

<tag-name><var>$ssl_session_id</var></tag-name>
<tag-desc>
returns the session identifier of an established SSL connection.
</tag-desc>

</list>
</para>

</section>

</module>