ssl_stapling_responder

Syntax: ssl_stapling_responder url; Default: — Context: http, server This directive appeared in version 1.3.7. Overrides the URL of the OCSP responder specified in the “Authority Information Access” certificate extension. Only “http://” OCSP responders are supported: ssl_stapling_responder http://ocsp.example.com/;

ssl_stapling

Syntax: ssl_stapling on | off; Default: ssl_stapling off; Context: http, server This directive appeared in version 1.3.7. Enables or disables stapling of OCSP responses by the server. Example: ssl_stapling on; resolver 192.0.2.1; For the OCSP stapling to work, the certificate of the server certificate issuer should be known. If the ssl_certificate file does not contain intermediate certificates, the certificate of the server certificate issuer should be present in the ssl_trus

ssl_stapling_file

Syntax: ssl_stapling_file file; Default: — Context: http, server This directive appeared in version 1.3.7. When set, the stapled OCSP response will be taken from the specified file instead of querying the OCSP responder specified in the server certificate. The file should be in the DER format as produced by the “openssl ocsp” command.

ssl_session_timeout

Syntax: ssl_session_timeout time; Default: ssl_session_timeout 5m; Context: http, server Specifies a time during which a client may reuse the session parameters.

ssl_session_ticket_key

Syntax: ssl_session_ticket_key file; Default: — Context: stream, server Sets a file with the secret key used to encrypt and decrypt TLS session tickets. The directive is necessary if the same key has to be shared between multiple servers. By default, a randomly generated key is used. If several keys are specified, only the first key is used to encrypt TLS session tickets. This allows configuring key rotation, for example: ssl_session_ticket_key current.key; ssl_session_ticket_k

ssl_session_timeout

Syntax: ssl_session_timeout time; Default: ssl_session_timeout 5m; Context: mail, server Specifies a time during which a client may reuse the session parameters.

ssl_session_timeout

Syntax: ssl_session_timeout time; Default: ssl_session_timeout 5m; Context: stream, server Specifies a time during which a client may reuse the session parameters.

ssl_session_tickets

Syntax: ssl_session_tickets on | off; Default: ssl_session_tickets on; Context: stream, server Enables or disables session resumption through TLS session tickets.

ssl_session_ticket_key

Syntax: ssl_session_ticket_key file; Default: — Context: mail, server This directive appeared in version 1.5.7. Sets a file with the secret key used to encrypt and decrypt TLS session tickets. The directive is necessary if the same key has to be shared between multiple servers. By default, a randomly generated key is used. If several keys are specified, only the first key is used to encrypt TLS session tickets. This allows configuring key rotation, for example: ssl_session_tic

ssl_session_ticket_key

Syntax: ssl_session_ticket_key file; Default: — Context: http, server This directive appeared in version 1.5.7. Sets a file with the secret key used to encrypt and decrypt TLS session tickets. The directive is necessary if the same key has to be shared between multiple servers. By default, a randomly generated key is used. If several keys are specified, only the first key is used to encrypt TLS session tickets. This allows configuring key rotation, for example: ssl_session_tic