Support for user configurable SSL ciphers
Project: http://git-wip-us.apache.org/repos/asf/couchdb-documentation/repo Commit: http://git-wip-us.apache.org/repos/asf/couchdb-documentation/commit/98949599 Tree: http://git-wip-us.apache.org/repos/asf/couchdb-documentation/tree/98949599 Diff: http://git-wip-us.apache.org/repos/asf/couchdb-documentation/diff/98949599 Branch: refs/heads/import-master Commit: 9894959972e9819bf8e28458abaca06ceeb56ba9 Parents: 3695591 Author: Terin Stock <[email protected]> Authored: Sun Apr 20 11:40:25 2014 +0100 Committer: Robert Newson <[email protected]> Committed: Sun Apr 20 12:07:10 2014 +0100 ---------------------------------------------------------------------- src/config/http.rst | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/couchdb-documentation/blob/98949599/src/config/http.rst ---------------------------------------------------------------------- diff --git a/src/config/http.rst b/src/config/http.rst index 1ae3abe..dfe8d5a 100644 --- a/src/config/http.rst +++ b/src/config/http.rst @@ -387,6 +387,30 @@ Secure Socket Level Options [ssl] verify_ssl_certificates = false + .. config:option:: secure_renegotiate :: Enable secure renegotiation + + Set to `true` to reject renegotiation attempt that does not live up to RFC 5746:: + + [ssl] + secure_renegotiate = true + + .. config:option:: ciphers :: Specify permitted server cipher list + + Set to the cipher suites that should be supported which can be + specified in erlang format "{ecdhe_ecdsa,aes_128_cbc,sha256}" or + in OpenSSL format "ECDHE-ECDSA-AES128-SHA256". + + [ssl] + ciphers = ["ECDHE-ECDSA-AES128-SHA256", "ECDHE-ECDSA-AES128-SHA"] + + .. config:option:: tls_versions :: Specify permitted server SSL/TLS + protocol versions + + Set to a list of permitted SSL/TLS protocol versions:: + + [ssl] + tls_versions = [sslv3 | tlsv1 | 'tlsv1.1' | 'tlsv1.2'] + .. _cors: .. _config/cors:
