ssl_prefer_server_ciphers

Syntax: ssl_prefer_server_ciphers on | off; Default: ssl_prefer_server_ciphers off; Context: mail, server Specifies that server ciphers should be preferred over client ciphers when the SSLv3 and TLS protocols are used.

ssl_prefer_server_ciphers

Syntax: ssl_prefer_server_ciphers on | off; Default: ssl_prefer_server_ciphers off; Context: http, server Specifies that server ciphers should be preferred over client ciphers when using the SSLv3 and TLS protocols.

ssl_password_file

Syntax: ssl_password_file file; Default: — Context: stream, server Specifies a file with passphrases for secret keys where each passphrase is specified on a separate line. Passphrases are tried in turn when loading the key. Example: stream { ssl_password_file /etc/keys/global.pass; ... server { listen 127.0.0.1:12345; ssl_certificate_key /etc/keys/first.key; } server { listen 127.0.0.1:12346; # named pipe can also be used i

ssl_password_file

Syntax: ssl_password_file file; Default: — Context: mail, server This directive appeared in version 1.7.3. Specifies a file with passphrases for secret keys where each passphrase is specified on a separate line. Passphrases are tried in turn when loading the key. Example: mail { ssl_password_file /etc/keys/global.pass; ... server { server_name mail1.example.com; ssl_certificate_key /etc/keys/first.key; } server { server_name mail2.

ssl_password_file

Syntax: ssl_password_file file; Default: — Context: http, server This directive appeared in version 1.7.3. Specifies a file with passphrases for secret keys where each passphrase is specified on a separate line. Passphrases are tried in turn when loading the key. Example: http { ssl_password_file /etc/keys/global.pass; ... server { server_name www1.example.com; ssl_certificate_key /etc/keys/first.key; } server { server_name www2.ex

ssl_handshake_timeout

Syntax: ssl_handshake_timeout time; Default: ssl_handshake_timeout 60s; Context: stream, server Specifies a timeout for the SSL handshake to complete.

ssl_engine

Syntax: ssl_engine device; Default: — Context: main Defines the name of the hardware SSL accelerator.

ssl_ecdh_curve

Syntax: ssl_ecdh_curve curve; Default: ssl_ecdh_curve auto; Context: stream, server Specifies a curve for ECDHE ciphers. When using OpenSSL 1.0.2 or higher, it is possible to specify multiple curves (1.11.0), for example: ssl_ecdh_curve prime256v1:secp384r1; The special value auto (1.11.0) instructs nginx to use a list built into the OpenSSL library when using OpenSSL 1.0.2 or higher, or prime256v1 with older versions. Prior to version 1.11.0, the prime256v1 curve was used

ssl_ecdh_curve

Syntax: ssl_ecdh_curve curve; Default: ssl_ecdh_curve auto; Context: mail, server This directive appeared in versions 1.1.0 and 1.0.6. Specifies a curve for ECDHE ciphers. When using OpenSSL 1.0.2 or higher, it is possible to specify multiple curves (1.11.0), for example: ssl_ecdh_curve prime256v1:secp384r1; The special value auto (1.11.0) instructs nginx to use a list built into the OpenSSL library when using OpenSSL 1.0.2 or higher, or prime256v1 with older versions. Pr

ssl_ecdh_curve

Syntax: ssl_ecdh_curve curve; Default: ssl_ecdh_curve auto; Context: http, server This directive appeared in versions 1.1.0 and 1.0.6. Specifies a curve for ECDHE ciphers. When using OpenSSL 1.0.2 or higher, it is possible to specify multiple curves (1.11.0), for example: ssl_ecdh_curve prime256v1:secp384r1; The special value auto (1.11.0) instructs nginx to use a list built into the OpenSSL library when using OpenSSL 1.0.2 or higher, or prime256v1 with older versions. Pr