xml/en/docs/http/configuring_https_servers.xml | 13 +++++++++---- xml/en/docs/http/ngx_http_grpc_module.xml | 4 ++-- xml/en/docs/http/ngx_http_proxy_module.xml | 4 ++-- xml/en/docs/http/ngx_http_ssl_module.xml | 6 +++--- xml/en/docs/http/ngx_http_uwsgi_module.xml | 4 ++-- xml/en/docs/mail/ngx_mail_ssl_module.xml | 6 +++--- xml/en/docs/stream/ngx_stream_proxy_module.xml | 4 ++-- xml/en/docs/stream/ngx_stream_ssl_module.xml | 6 +++--- xml/ru/docs/http/configuring_https_servers.xml | 13 +++++++++---- xml/ru/docs/http/ngx_http_grpc_module.xml | 4 ++-- xml/ru/docs/http/ngx_http_proxy_module.xml | 4 ++-- xml/ru/docs/http/ngx_http_ssl_module.xml | 6 +++--- xml/ru/docs/http/ngx_http_uwsgi_module.xml | 4 ++-- xml/ru/docs/mail/ngx_mail_ssl_module.xml | 6 +++--- xml/ru/docs/stream/ngx_stream_proxy_module.xml | 4 ++-- xml/ru/docs/stream/ngx_stream_ssl_module.xml | 6 +++--- 16 files changed, 52 insertions(+), 42 deletions(-)
# HG changeset patch
# User Yaroslav Zhuravlev <y...@nginx.com>
# Date 1678486627 0
# Fri Mar 10 22:17:07 2023 +0000
# Node ID 477d0fe1e6cb95533ffb80de0b8851d8ec7c0fba
# Parent 0f468b4e01d67cab96a44e0886dda3180104ae1a
Added TLSv1.3 to the default value of ssl_protocols and friends.
diff --git a/xml/en/docs/http/configuring_https_servers.xml b/xml/en/docs/http/configuring_https_servers.xml
--- a/xml/en/docs/http/configuring_https_servers.xml
+++ b/xml/en/docs/http/configuring_https_servers.xml
@@ -8,7 +8,7 @@
 <article name="Configuring HTTPS servers"
 link="/en/docs/http/configuring_https_servers.html"
 lang="en"
- rev="13"
+ rev="14"
 author="Igor Sysoev"
 editor="Brian Mercer">
@@ -31,7 +31,7 @@
 server_name www.example.com;
 ssl_certificate <b>www.example.com.crt</b>;
 ssl_certificate_key <b>www.example.com.key</b>;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
 ssl_ciphers HIGH:!aNULL:!MD5;
 ...
 }
@@ -59,7 +59,7 @@
 can be used to limit connections to include only the strong versions and ciphers of SSL/TLS. By default nginx uses
-“<literal>ssl_protocols TLSv1 TLSv1.1 TLSv1.2</literal>”
+“<literal>ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3</literal>”
 and “<literal>ssl_ciphers HIGH:!aNULL:!MD5</literal>”, so configuring them explicitly is generally not needed. Note that default values of these directives were
@@ -110,7 +110,7 @@
 ssl_certificate www.example.com.crt;
 ssl_certificate_key www.example.com.key;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
 ssl_ciphers HIGH:!aNULL:!MD5;
 ...
 </programlisting>
@@ -446,6 +446,11 @@
 <list type="bullet">
 <listitem>
+Version 1.23.4 and later: the default SSL protocols are TLSv1,
+TLSv1.1, TLSv1.2, and TLSv1.3 (if supported by the OpenSSL library).
+</listitem>
+
+<listitem>
 Version 1.9.1 and later: the default SSL protocols are TLSv1, TLSv1.1, and TLSv1.2 (if supported by the OpenSSL library).
 </listitem>
diff --git a/xml/en/docs/http/ngx_http_grpc_module.xml b/xml/en/docs/http/ngx_http_grpc_module.xml
--- a/xml/en/docs/http/ngx_http_grpc_module.xml
+++ b/xml/en/docs/http/ngx_http_grpc_module.xml
@@ -10,7 +10,7 @@
 <module name="Module ngx_http_grpc_module"
 link="/en/docs/http/ngx_http_grpc_module.html"
 lang="en"
- rev="8">
+ rev="9">
 <section id="summary">
@@ -633,7 +633,7 @@
 [<literal>TLSv1.1</literal>]
 [<literal>TLSv1.2</literal>]
 [<literal>TLSv1.3</literal>]</syntax>
-<default>TLSv1 TLSv1.1 TLSv1.2</default>
+<default>TLSv1 TLSv1.1 TLSv1.2 TLSv1.3</default>
 <context>http</context>
 <context>server</context>
 <context>location</context>
diff --git a/xml/en/docs/http/ngx_http_proxy_module.xml b/xml/en/docs/http/ngx_http_proxy_module.xml
--- a/xml/en/docs/http/ngx_http_proxy_module.xml
+++ b/xml/en/docs/http/ngx_http_proxy_module.xml
@@ -10,7 +10,7 @@
 <module name="Module ngx_http_proxy_module"
 link="/en/docs/http/ngx_http_proxy_module.html"
 lang="en"
- rev="75">
+ rev="76">
 <section id="summary">
@@ -2096,7 +2096,7 @@
 [<literal>TLSv1.1</literal>]
 [<literal>TLSv1.2</literal>]
 [<literal>TLSv1.3</literal>]</syntax>
-<default>TLSv1 TLSv1.1 TLSv1.2</default>
+<default>TLSv1 TLSv1.1 TLSv1.2 TLSv1.3</default>
 <context>http</context>
 <context>server</context>
 <context>location</context>
diff --git a/xml/en/docs/http/ngx_http_ssl_module.xml b/xml/en/docs/http/ngx_http_ssl_module.xml
--- a/xml/en/docs/http/ngx_http_ssl_module.xml
+++ b/xml/en/docs/http/ngx_http_ssl_module.xml
@@ -10,7 +10,7 @@
 <module name="Module ngx_http_ssl_module"
 link="/en/docs/http/ngx_http_ssl_module.html"
 lang="en"
- rev="59">
+ rev="60">
 <section id="summary">
@@ -76,7 +76,7 @@
 listen 443 ssl;
 <emphasis>keepalive_timeout 70;</emphasis>
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
 ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
 ssl_certificate /usr/local/nginx/conf/cert.pem;
 ssl_certificate_key /usr/local/nginx/conf/cert.key;
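Review bot: In the ngx_http_ssl_module.xml example (hunk `@@ -76,7 +76,7 @@`), `TLSv1.3` is now enabled next to `ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5`, but with OpenSSL 1.1.1 and later that cipher string only governs TLSv1.2 and earlier, so a reader may wrongly assume it also constrains TLSv1.3 connections. The same pairing appears in the ngx_mail_ssl_module.xml and ngx_stream_ssl_module.xml example hunks and in their ru counterparts. A sentence under the example such as `The ssl_ciphers list does not apply to TLSv1.3 cipher suites when nginx is built with OpenSSL.` would close the gap. The example also keeps `TLSv1` and `TLSv1.1` (deprecated by RFC 8996) together with RC4, 3DES and MD5 suites; since configuring_https_servers.xml in this patch says explicit configuration is generally not needed, the example could drop both lines or be reduced to `ssl_protocols TLSv1.2 TLSv1.3;`. The example listing starts and ends outside the hunk.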
@@ -595,7 +595,7 @@
 [<literal>TLSv1.1</literal>]
 [<literal>TLSv1.2</literal>]
 [<literal>TLSv1.3</literal>]</syntax>
-<default>TLSv1 TLSv1.1 TLSv1.2</default>
+<default>TLSv1 TLSv1.1 TLSv1.2 TLSv1.3</default>
 <context>http</context>
 <context>server</context>
diff --git a/xml/en/docs/http/ngx_http_uwsgi_module.xml b/xml/en/docs/http/ngx_http_uwsgi_module.xml
--- a/xml/en/docs/http/ngx_http_uwsgi_module.xml
+++ b/xml/en/docs/http/ngx_http_uwsgi_module.xml
@@ -10,7 +10,7 @@
 <module name="Module ngx_http_uwsgi_module"
 link="/en/docs/http/ngx_http_uwsgi_module.html"
 lang="en"
- rev="49">
+ rev="50">
 <section id="summary">
@@ -1546,7 +1546,7 @@
 [<literal>TLSv1.1</literal>]
 [<literal>TLSv1.2</literal>]
 [<literal>TLSv1.3</literal>]</syntax>
-<default>TLSv1 TLSv1.1 TLSv1.2</default>
+<default>TLSv1 TLSv1.1 TLSv1.2 TLSv1.3</default>
 <context>http</context>
 <context>server</context>
 <context>location</context>
diff --git a/xml/en/docs/mail/ngx_mail_ssl_module.xml b/xml/en/docs/mail/ngx_mail_ssl_module.xml
--- a/xml/en/docs/mail/ngx_mail_ssl_module.xml
+++ b/xml/en/docs/mail/ngx_mail_ssl_module.xml
@@ -10,7 +10,7 @@
 <module name="Module ngx_mail_ssl_module"
 link="/en/docs/mail/ngx_mail_ssl_module.html"
 lang="en"
- rev="26">
+ rev="27">
 <section id="summary">
@@ -69,7 +69,7 @@
 server {
 listen 993 ssl;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
 ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
 ssl_certificate /usr/local/nginx/conf/cert.pem;
 ssl_certificate_key /usr/local/nginx/conf/cert.key;
@@ -420,7 +420,7 @@
 [<literal>TLSv1.1</literal>]
 [<literal>TLSv1.2</literal>]
 [<literal>TLSv1.3</literal>]</syntax>
-<default>TLSv1 TLSv1.1 TLSv1.2</default>
+<default>TLSv1 TLSv1.1 TLSv1.2 TLSv1.3</default>
 <context>mail</context>
 <context>server</context>
diff --git a/xml/en/docs/stream/ngx_stream_proxy_module.xml b/xml/en/docs/stream/ngx_stream_proxy_module.xml
--- a/xml/en/docs/stream/ngx_stream_proxy_module.xml
+++ b/xml/en/docs/stream/ngx_stream_proxy_module.xml
@@ -9,7 +9,7 @@
 <module name="Module ngx_stream_proxy_module"
 link="/en/docs/stream/ngx_stream_proxy_module.html"
 lang="en"
- rev="31">
+ rev="32">
 <section id="summary">
@@ -543,7 +543,7 @@
 [<literal>TLSv1.1</literal>]
 [<literal>TLSv1.2</literal>]
 [<literal>TLSv1.3</literal>]</syntax>
-<default>TLSv1 TLSv1.1 TLSv1.2</default>
+<default>TLSv1 TLSv1.1 TLSv1.2 TLSv1.3</default>
 <context>stream</context>
 <context>server</context>
diff --git a/xml/en/docs/stream/ngx_stream_ssl_module.xml b/xml/en/docs/stream/ngx_stream_ssl_module.xml
--- a/xml/en/docs/stream/ngx_stream_ssl_module.xml
+++ b/xml/en/docs/stream/ngx_stream_ssl_module.xml
@@ -9,7 +9,7 @@
 <module name="Module ngx_stream_ssl_module"
 link="/en/docs/stream/ngx_stream_ssl_module.html"
 lang="en"
- rev="31">
+ rev="32">
 <section id="summary">
@@ -62,7 +62,7 @@
 server {
 listen 12345 ssl;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
 ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
 ssl_certificate /usr/local/nginx/conf/cert.pem;
 ssl_certificate_key /usr/local/nginx/conf/cert.key;
@@ -444,7 +444,7 @@
 [<literal>TLSv1.1</literal>]
 [<literal>TLSv1.2</literal>]
 [<literal>TLSv1.3</literal>]</syntax>
-<default>TLSv1 TLSv1.1 TLSv1.2</default>
+<default>TLSv1 TLSv1.1 TLSv1.2 TLSv1.3</default>
 <context>stream</context>
 <context>server</context>
diff --git a/xml/ru/docs/http/configuring_https_servers.xml b/xml/ru/docs/http/configuring_https_servers.xml
--- a/xml/ru/docs/http/configuring_https_servers.xml
+++ b/xml/ru/docs/http/configuring_https_servers.xml
@@ -8,7 +8,7 @@
 <article name="Настройка HTTPS-серверов"
 link="/ru/docs/http/configuring_https_servers.html"
 lang="ru"
- rev="13"
+ rev="14"
 author="Игорь Сысоев"
 editor="Brian Mercer">
@@ -30,7 +30,7 @@
 server_name www.example.com;
 ssl_certificate <b>www.example.com.crt</b>;
 ssl_certificate_key <b>www.example.com.key</b>;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
 ssl_ciphers HIGH:!aNULL:!MD5;
 ...
 }
@@ -58,7 +58,7 @@
 можно ограничить соединения использованием только “сильных” версий и шифров SSL/TLS. По умолчанию nginx использует
-“<literal>ssl_protocols TLSv1 TLSv1.1 TLSv1.2</literal>” и
+“<literal>ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3</literal>” и
 “<literal>ssl_ciphers HIGH:!aNULL:!MD5</literal>”, поэтому их явная настройка в общем случае не требуется. Следует отметить, что значения по умолчанию этих директив несколько раз
@@ -108,7 +108,7 @@
 ssl_certificate www.example.com.crt;
 ssl_certificate_key www.example.com.key;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
 ssl_ciphers HIGH:!aNULL:!MD5;
 ...
 </programlisting>
@@ -445,6 +445,11 @@
 <list type="bullet">
 <listitem>
+Версия 1.23.4 и более поздние: протоколами SSL по умолчанию являются
+TLSv1, TLSv1.1, TLSv1.2 и TLSv1.3 (если поддерживается библиотекой OpenSSL).
+</listitem>
+
+<listitem>
 Версия 1.9.1 и более поздние: протоколами SSL по умолчанию являются TLSv1, TLSv1.1 и TLSv1.2 (если поддерживается библиотекой OpenSSL).
 </listitem>
diff --git a/xml/ru/docs/http/ngx_http_grpc_module.xml b/xml/ru/docs/http/ngx_http_grpc_module.xml
--- a/xml/ru/docs/http/ngx_http_grpc_module.xml
+++ b/xml/ru/docs/http/ngx_http_grpc_module.xml
@@ -10,7 +10,7 @@
 <module name="Модуль ngx_http_grpc_module"
 link="/ru/docs/http/ngx_http_grpc_module.html"
 lang="ru"
- rev="8">
+ rev="9">
 <section id="summary">
@@ -632,7 +632,7 @@
 [<literal>TLSv1.1</literal>]
 [<literal>TLSv1.2</literal>]
 [<literal>TLSv1.3</literal>]</syntax>
-<default>TLSv1 TLSv1.1 TLSv1.2</default>
+<default>TLSv1 TLSv1.1 TLSv1.2 TLSv1.3</default>
 <context>http</context>
 <context>server</context>
 <context>location</context>
diff --git a/xml/ru/docs/http/ngx_http_proxy_module.xml b/xml/ru/docs/http/ngx_http_proxy_module.xml
--- a/xml/ru/docs/http/ngx_http_proxy_module.xml
+++ b/xml/ru/docs/http/ngx_http_proxy_module.xml
@@ -10,7 +10,7 @@
 <module name="Модуль ngx_http_proxy_module"
 link="/ru/docs/http/ngx_http_proxy_module.html"
 lang="ru"
- rev="75">
+ rev="76">
 <section id="summary">
@@ -2098,7 +2098,7 @@
 [<literal>TLSv1.1</literal>]
 [<literal>TLSv1.2</literal>]
 [<literal>TLSv1.3</literal>]</syntax>
-<default>TLSv1 TLSv1.1 TLSv1.2</default>
+<default>TLSv1 TLSv1.1 TLSv1.2 TLSv1.3</default>
 <context>http</context>
 <context>server</context>
 <context>location</context>
diff --git a/xml/ru/docs/http/ngx_http_ssl_module.xml b/xml/ru/docs/http/ngx_http_ssl_module.xml
--- a/xml/ru/docs/http/ngx_http_ssl_module.xml
+++ b/xml/ru/docs/http/ngx_http_ssl_module.xml
@@ -10,7 +10,7 @@
 <module name="Модуль ngx_http_ssl_module"
 link="/ru/docs/http/ngx_http_ssl_module.html"
 lang="ru"
- rev="59">
+ rev="60">
 <section id="summary">
@@ -76,7 +76,7 @@
 listen 443 ssl;
 <emphasis>keepalive_timeout 70;</emphasis>
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
 ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
 ssl_certificate /usr/local/nginx/conf/cert.pem;
 ssl_certificate_key /usr/local/nginx/conf/cert.key;
@@ -600,7 +600,7 @@
 [<literal>TLSv1.1</literal>]
 [<literal>TLSv1.2</literal>]
 [<literal>TLSv1.3</literal>]</syntax>
-<default>TLSv1 TLSv1.1 TLSv1.2</default>
+<default>TLSv1 TLSv1.1 TLSv1.2 TLSv1.3</default>
 <context>http</context>
 <context>server</context>
diff --git a/xml/ru/docs/http/ngx_http_uwsgi_module.xml b/xml/ru/docs/http/ngx_http_uwsgi_module.xml
--- a/xml/ru/docs/http/ngx_http_uwsgi_module.xml
+++ b/xml/ru/docs/http/ngx_http_uwsgi_module.xml
@@ -10,7 +10,7 @@
 <module name="Модуль ngx_http_uwsgi_module"
 link="/ru/docs/http/ngx_http_uwsgi_module.html"
 lang="ru"
- rev="49">
+ rev="50">
 <section id="summary">
@@ -1542,7 +1542,7 @@
 [<literal>TLSv1.1</literal>]
 [<literal>TLSv1.2</literal>]
 [<literal>TLSv1.3</literal>]</syntax>
-<default>TLSv1 TLSv1.1 TLSv1.2</default>
+<default>TLSv1 TLSv1.1 TLSv1.2 TLSv1.3</default>
 <context>http</context>
 <context>server</context>
 <context>location</context>
diff --git a/xml/ru/docs/mail/ngx_mail_ssl_module.xml b/xml/ru/docs/mail/ngx_mail_ssl_module.xml
--- a/xml/ru/docs/mail/ngx_mail_ssl_module.xml
+++ b/xml/ru/docs/mail/ngx_mail_ssl_module.xml
@@ -10,7 +10,7 @@
 <module name="Модуль ngx_mail_ssl_module"
 link="/ru/docs/mail/ngx_mail_ssl_module.html"
 lang="ru"
- rev="26">
+ rev="27">
 <section id="summary">
@@ -69,7 +69,7 @@
 server {
 listen 993 ssl;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
 ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
 ssl_certificate /usr/local/nginx/conf/cert.pem;
 ssl_certificate_key /usr/local/nginx/conf/cert.key;
@@ -422,7 +422,7 @@
 [<literal>TLSv1.1</literal>]
 [<literal>TLSv1.2</literal>]
 [<literal>TLSv1.3</literal>]</syntax>
-<default>TLSv1 TLSv1.1 TLSv1.2</default>
+<default>TLSv1 TLSv1.1 TLSv1.2 TLSv1.3</default>
 <context>mail</context>
 <context>server</context>
diff --git a/xml/ru/docs/stream/ngx_stream_proxy_module.xml b/xml/ru/docs/stream/ngx_stream_proxy_module.xml
--- a/xml/ru/docs/stream/ngx_stream_proxy_module.xml
+++ b/xml/ru/docs/stream/ngx_stream_proxy_module.xml
@@ -9,7 +9,7 @@
 <module name="Модуль ngx_stream_proxy_module"
 link="/ru/docs/stream/ngx_stream_proxy_module.html"
 lang="ru"
- rev="31">
+ rev="32">
 <section id="summary">
@@ -543,7 +543,7 @@
 [<literal>TLSv1.1</literal>]
 [<literal>TLSv1.2</literal>]
 [<literal>TLSv1.3</literal>]</syntax>
-<default>TLSv1 TLSv1.1 TLSv1.2</default>
+<default>TLSv1 TLSv1.1 TLSv1.2 TLSv1.3</default>
 <context>stream</context>
 <context>server</context>
diff --git a/xml/ru/docs/stream/ngx_stream_ssl_module.xml b/xml/ru/docs/stream/ngx_stream_ssl_module.xml
--- a/xml/ru/docs/stream/ngx_stream_ssl_module.xml
+++ b/xml/ru/docs/stream/ngx_stream_ssl_module.xml
@@ -9,7 +9,7 @@
 <module name="Модуль ngx_stream_ssl_module"
 link="/ru/docs/stream/ngx_stream_ssl_module.html"
 lang="ru"
- rev="31">
+ rev="32">
 <section id="summary">
@@ -62,7 +62,7 @@
 server {
 listen 12345 ssl;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
 ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
 ssl_certificate /usr/local/nginx/conf/cert.pem;
 ssl_certificate_key /usr/local/nginx/conf/cert.key;
@@ -447,7 +447,7 @@
 [<literal>TLSv1.1</literal>]
 [<literal>TLSv1.2</literal>]
 [<literal>TLSv1.3</literal>]</syntax>
-<default>TLSv1 TLSv1.1 TLSv1.2</default>
+<default>TLSv1 TLSv1.1 TLSv1.2 TLSv1.3</default>
 <context>stream</context>
 <context>server</context>