Syntax: ssl_ciphers ciphers; Default: ssl_ciphers HIGH:!aNULL:!MD5; Context: stream, server Specifies the enabled ciphers. The ciphers are specified in the format understood by the OpenSSL library, for example: ssl_ciphers ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; The full list can be viewed using the “openssl ciphers” command.

Syntax: ssl_certificate_key file; Default: — Context: stream, server Specifies a file with the secret key in the PEM format for the given server. The value engine:name:id can be specified instead of the file, which loads a secret key with a specified id from the OpenSSL engine name.

Syntax: ssl_ciphers ciphers; Default: ssl_ciphers HIGH:!aNULL:!MD5; Context: http, server Specifies the enabled ciphers. The ciphers are specified in the format understood by the OpenSSL library, for example: ssl_ciphers ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; The full list can be viewed using the “openssl ciphers” command. The previous versions of nginx used different ciphers by default.

Syntax: ssl_certificate_key file; Default: — Context: mail, server Specifies a file with the secret key in the PEM format for the given server. The value engine:name:id can be specified instead of the file (1.7.9), which loads a secret key with a specified id from the OpenSSL engine name.

Syntax: ssl_certificate_key file; Default: — Context: http, server Specifies a file with the secret key in the PEM format for the given virtual server. The value engine:name:id can be specified instead of the file (1.7.9), which loads a secret key with a specified id from the OpenSSL engine name.

Syntax: ssl_certificate file; Default: — Context: mail, server Specifies a file with the certificate in the PEM format for the given server. If intermediate certificates should be specified in addition to a primary certificate, they should be specified in the same file in the following order: the primary certificate comes first, then the intermediate certificates. A secret key in the PEM format may be placed in the same file. Since version 1.11.0, this directive can be specified

Syntax: ssl_certificate file; Default: — Context: stream, server Specifies a file with the certificate in the PEM format for the given server. If intermediate certificates should be specified in addition to a primary certificate, they should be specified in the same file in the following order: the primary certificate comes first, then the intermediate certificates. A secret key in the PEM format may be placed in the same file. Since version 1.11.0, this directive can be specifie

Syntax: ssl on | off; Default: ssl off; Context: mail, server Enables the SSL/TLS protocol for the given server.

Syntax: ssl_certificate file; Default: — Context: http, server Specifies a file with the certificate in the PEM format for the given virtual server. If intermediate certificates should be specified in addition to a primary certificate, they should be specified in the same file in the following order: the primary certificate comes first, then the intermediate certificates. A secret key in the PEM format may be placed in the same file. Since version 1.11.0, this directive can be sp

Syntax: ssl_buffer_size size; Default: ssl_buffer_size 16k; Context: http, server This directive appeared in version 1.5.9. Sets the size of the buffer used for sending data. By default, the buffer size is 16k, which corresponds to minimal overhead when sending big responses. To minimize Time To First Byte it may be beneficial to use smaller values, for example: ssl_buffer_size 4k;