Syntax: uwsgi_ssl_protocols [SSLv2] [SSLv3] [TLSv1] [TLSv1.1] [TLSv1.2]; Default: uwsgi_ssl_protocols TLSv1 TLSv1.1 TLSv1.2; Context: http, server, location This directive appeared in version 1.5.8. Enables the specified protocols for requests to a secured uwsgi server.

Syntax: uwsgi_ssl_server_name on | off; Default: uwsgi_ssl_server_name off; Context: http, server, location This directive appeared in version 1.7.0. Enables or disables passing of the server name through TLS Server Name Indication extension (SNI, RFC 6066) when establishing a connection with the secured uwsgi server.

Syntax: uwsgi_ssl_session_reuse on | off; Default: uwsgi_ssl_session_reuse on; Context: http, server, location This directive appeared in version 1.5.8. Determines whether SSL sessions can be reused when working with a secured uwsgi server. If the errors “SSL3_GET_FINISHED:digest check failed” appear in the logs, try disabling session reuse.

Syntax: uwsgi_ssl_password_file file; Default: — Context: http, server, location This directive appeared in version 1.7.8. Specifies a file with passphrases for secret keys where each passphrase is specified on a separate line. Passphrases are tried in turn when loading the key.

Syntax: uwsgi_ssl_name name; Default: uwsgi_ssl_name host from uwsgi_pass; Context: http, server, location This directive appeared in version 1.7.0. Allows overriding the server name used to verify the certificate of the secured uwsgi server and to be passed through SNI when establishing a connection with the secured uwsgi server. By default, the host part from uwsgi_pass is used.

Syntax: uwsgi_ssl_crl file; Default: — Context: http, server, location This directive appeared in version 1.7.0. Specifies a file with revoked certificates (CRL) in the PEM format used to verify the certificate of the secured uwsgi server.

Syntax: uwsgi_ssl_ciphers ciphers; Default: uwsgi_ssl_ciphers DEFAULT; Context: http, server, location This directive appeared in version 1.5.8. Specifies the enabled ciphers for requests to a secured uwsgi server. The ciphers are specified in the format understood by the OpenSSL library. The full list can be viewed using the “openssl ciphers” command.

Syntax: uwsgi_ssl_certificate_key file; Default: — Context: http, server, location This directive appeared in version 1.7.8. Specifies a file with the secret key in the PEM format used for authentication to a secured uwsgi server. The value engine:name:id can be specified instead of the file (1.7.9), which loads a secret key with a specified id from the OpenSSL engine name.

Syntax: uwsgi_send_timeout time; Default: uwsgi_send_timeout 60s; Context: http, server, location Sets a timeout for transmitting a request to the uwsgi server. The timeout is set only between two successive write operations, not for the transmission of the whole request. If the uwsgi server does not receive anything within this time, the connection is closed.

Syntax: uwsgi_request_buffering on | off; Default: uwsgi_request_buffering on; Context: http, server, location This directive appeared in version 1.7.11. Enables or disables buffering of a client request body. When buffering is enabled, the entire request body is read from the client before sending the request to a uwsgi server. When buffering is disabled, the request body is sent to the uwsgi server immediately as it is received. In this case, the request cannot be passed to