ssl_dhparam

Syntax: ssl_dhparam file;
Default: —
Context: stream, server

Specifies a file with DH parameters for DHE ciphers.

ssl_dhparam

Syntax: ssl_dhparam file;
Default: —
Context: mail, server

This directive appeared in version 0.7.2.

Specifies a file with DH parameters for DHE ciphers.

ssl_dhparam

Syntax: ssl_dhparam file;
Default: —
Context: http, server

This directive appeared in version 0.7.2.

Specifies a file with DH parameters for DHE ciphers.

ssl_crl

Syntax: ssl_crl file;
Default: —
Context: stream, server

This directive appeared in version 1.11.8.

Specifies a file with revoked certificates (CRL) in the PEM format used to verify client certificates.

ssl_crl

Syntax: ssl_crl file;
Default: —
Context: mail, server

This directive appeared in version 1.7.11.

Specifies a file with revoked certificates (CRL) in the PEM format used to verify client certificates.

ssl_crl

Syntax: ssl_crl file;
Default: —
Context: http, server

This directive appeared in version 0.8.7.

Specifies a file with revoked certificates (CRL) in the PEM format used to verify client certificates.

ssl_client_certificate

Syntax: ssl_client_certificate file;
Default: —
Context: stream, server

This directive appeared in version 1.11.8.

Specifies a file with trusted CA certificates in the PEM format used to verify client certificates. The list of certificates will be sent to clients. If this is not desired, the ssl_trusted_certificate directive can be used.

ssl_client_certificate

Syntax: ssl_client_certificate file;
Default: —
Context: mail, server

This directive appeared in version 1.7.11.

Specifies a file with trusted CA certificates in the PEM format used to verify client certificates. The list of certificates will be sent to clients. If this is not desired, the ssl_trusted_certificate directive can be used.

ssl_client_certificate

Syntax: ssl_client_certificate file;
Default: —
Context: http, server

Specifies a file with trusted CA certificates in the PEM format used to verify client certificates and OCSP responses if ssl_stapling is enabled. The list of certificates will be sent to clients. If this is not desired, the ssl_trusted_certificate directive can be used.

ssl_ciphers

Syntax: ssl_ciphers ciphers;
Default: ssl_ciphers HIGH:!aNULL:!MD5;
Context: stream, server

Specifies the enabled ciphers. The ciphers are specified in the format understood by the OpenSSL library, for example:

    ssl_ciphers ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;

The full list can be viewed using the “openssl ciphers” command.