Repository: trafficserver Updated Branches: refs/heads/master 50b872cf6 -> d8ca84854
clarify which ssl parms are optional Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/cd1f5602 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/cd1f5602 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/cd1f5602 Branch: refs/heads/master Commit: cd1f560279b521f6e642fcdcb88b6a8d2176faac Parents: 50b872c Author: Miles Libbey <[email protected]> Authored: Tue Mar 4 13:26:13 2014 -0800 Committer: Miles Libbey <[email protected]> Committed: Fri May 16 12:56:22 2014 -0700 ---------------------------------------------------------------------- .../configuration/ssl_multicert.config.en.rst | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/cd1f5602/doc/reference/configuration/ssl_multicert.config.en.rst ---------------------------------------------------------------------- diff --git a/doc/reference/configuration/ssl_multicert.config.en.rst b/doc/reference/configuration/ssl_multicert.config.en.rst index fa45e3d..a895f0f 100644 --- a/doc/reference/configuration/ssl_multicert.config.en.rst +++ b/doc/reference/configuration/ssl_multicert.config.en.rst @@ -52,35 +52,35 @@ ssl_cert_name=FILENAME :ts:cv:`proxy.config.ssl.server.cert.path` configuration variable. This is the only field that is required to be present. -dest_ip=ADDRESS +dest_ip=ADDRESS (optional) The IP (v4 or v6) address that the certificate should be presented on. This is now only used as a fallback in the case that the TLS SubjectNameIndication extension is not supported. If `ADDRESS` is `*`, the corresponding certificate will be used as the global - default fallback if no other match can be made. The address may + default fallback if no other match can be made. The address may contain a port specifier, in which case the corresponding certificate will only match for connections accepted on the specified port. IPv6 addresses must be enclosed by square brackets if they have - a port, eg, [::1]:80. + a port, eg, [::1]:80. Care should be taken to make each ADDRESS unique. -ssl_key_name=FILENAME +ssl_key_name=FILENAME (optional) The name of the file containing the private key for this certificate. If the key is contained in the certificate file, this field can be omitted, otherwise `FILENAME` is resolved relative to the :ts:cv:`proxy.config.ssl.server.private_key.path` configuration variable. -ssl_ca_name=FILENAME +ssl_ca_name=FILENAME (optional) If the certificate is issued by an authority that is not in the system CA bundle, additional certificates may be needed to validate the certificate chain. `FILENAME` is resolved relative to the :ts:cv:`proxy.config.ssl.CA.cert.path` configuration variable. -ssl_ticket_enabled=1|0 +ssl_ticket_enabled=1|0 (optional) Enable :rfc:`5077` stateless TLS session tickets. To support this, OpenSSL should be upgraded to version 0.9.8f or higher. This option must be set to `0` to disable session ticket support. -ticket_key_name=FILENAME +ticket_key_name=FILENAME (optional) The name of session ticket key file which contains a secret for encrypting and decrypting TLS session tickets. If `FILENAME` is not an absolute path, it is resolved relative to the @@ -94,7 +94,7 @@ ticket_key_name=FILENAME specified, and internal session ticket key is generated. This key will be different each time Traffic Server is started. -ssl_key_dialog=builtin|"exec:/path/to/program [args]" +ssl_key_dialog=builtin|"exec:/path/to/program [args]" (optional) Method used to provide a pass phrase for encrypted private keys. If the pass phrase is incorrect, SSL negotiation for this dest_ip will fail for clients who attempt to connect.
