1
<?xml version="1.0"?>
2

3
<!--
4
  Copyright (C) Nginx, Inc.
5
  -->
6

7
<!DOCTYPE module SYSTEM "../../../../dtd/module.dtd">
8

9
<module name="Module ngx_stream_ssl_module"
10
        link="/en/docs/stream/ngx_stream_ssl_module.html"
11
        lang="en"
12
        rev="47">
13

14
<section id="summary">
15

16
<para>
17
The <literal>ngx_stream_ssl_module</literal> module (1.9.0)
18
provides the necessary support for a stream proxy server to work with
19
the SSL/TLS protocol.
20
</para>
21

22
<para>
23
This module is not built by default, it should be enabled with the
24
<literal>--with-stream_ssl_module</literal>
25
configuration parameter.
26
<note>
27
This module requires the
28
<link url="http://www.openssl.org">OpenSSL</link> library.
29
</note>
30
</para>
31

32
</section>
33

34

35
<section id="example" name="Example Configuration">
36

37
<para>
38
To reduce the processor load, it is recommended to
39
<list type="bullet">
40

41
<listitem>
42
set the number of
43
<link doc="../ngx_core_module.xml" id="worker_processes">worker processes</link>
44
equal to the number of processors,
45
</listitem>
46

47
<listitem>
48
enable the <link id="ssl_session_cache_shared">shared</link> session cache,
49
</listitem>
50

51
<listitem>
52
disable the <link id="ssl_session_cache_builtin">built-in</link> session cache,
53
</listitem>
54

55
<listitem>
56
and possibly increase the session <link id="ssl_session_timeout">lifetime</link>
57
(by default, 5 minutes):
58
</listitem>
59

60
</list>
61

62
<example>
63
<emphasis>worker_processes auto;</emphasis>
64

65
stream {
66

67
    ...
68

69
    server {
70
        listen              12345 ssl;
71

72
        ssl_protocols       TLSv1.2 TLSv1.3;
73
        ssl_ciphers         AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
74
        ssl_certificate     /usr/local/nginx/conf/cert.pem;
75
        ssl_certificate_key /usr/local/nginx/conf/cert.key;
76
        <emphasis>ssl_session_cache   shared:SSL:10m;</emphasis>
77
        <emphasis>ssl_session_timeout 10m;</emphasis>
78

79
        ...
80
    }
81
</example>
82
</para>
83

84
</section>
85

86

87
<section id="directives" name="Directives">
88

89
<directive name="ssl_alpn">
90
<syntax><value>protocol</value> ...</syntax>
91
<default/>
92
<context>stream</context>
93
<context>server</context>
94
<appeared-in>1.21.4</appeared-in>
95

96
<para>
97
Specifies the list of supported
98
<link url="https://datatracker.ietf.org/doc/html/rfc7301">ALPN</link> protocols.
99
One of the protocols must be
100
<link id="var_ssl_alpn_protocol">negotiated</link> if the client uses ALPN:
101
<example>
102
map $ssl_alpn_protocol $proxy {
103
    h2                127.0.0.1:8001;
104
    http/1.1          127.0.0.1:8002;
105
}
106

107
server {
108
    listen      12346;
109
    proxy_pass  $proxy;
110
    ssl_alpn    h2 http/1.1;
111
}
112
</example>
113
</para>
114

115
</directive>
116

117

118
<directive name="ssl_certificate">
119
<syntax><value>file</value></syntax>
120
<default/>
121
<context>stream</context>
122
<context>server</context>
123

124
<para>
125
Specifies a <value>file</value> with the certificate in the PEM format
126
for the given virtual server.
127
If intermediate certificates should be specified in addition to a primary
128
certificate, they should be specified in the same file in the following
129
order: the primary certificate comes first, then the intermediate certificates.
130
A secret key in the PEM format may be placed in the same file.
131
</para>
132

133
<para>
134
Since version 1.11.0,
135
this directive can be specified multiple times
136
to load certificates of different types, for example, RSA and ECDSA:
137
<example>
138
server {
139
    listen              12345 ssl;
140

141
    ssl_certificate     example.com.rsa.crt;
142
    ssl_certificate_key example.com.rsa.key;
143

144
    ssl_certificate     example.com.ecdsa.crt;
145
    ssl_certificate_key example.com.ecdsa.key;
146

147
    ...
148
}
149
</example>
150
<note>
151
Only OpenSSL 1.0.2 or higher supports separate
152
<link doc="../http/configuring_https_servers.xml" id="chains">certificate
153
chains</link>
154
for different certificates.
155
With older versions, only one certificate chain can be used.
156
</note>
157
</para>
158

159
<para id="ssl_certificate_variables">
160
Since version 1.15.9, variables can be used in the <value>file</value> name
161
when using OpenSSL 1.0.2 or higher:
162
<example>
163
ssl_certificate     $ssl_server_name.crt;
164
ssl_certificate_key $ssl_server_name.key;
165
</example>
166
Note that using variables implies that
167
a certificate will be loaded for each SSL handshake,
168
and this may have a negative impact on performance.
169
</para>
170

171
<para id="ssl_certificate_data">
172
The value
173
<literal>data</literal>:<value>$variable</value>
174
can be specified instead of the <value>file</value> (1.15.10),
175
which loads a certificate from a variable
176
without using intermediate files.
177
Note that inappropriate use of this syntax may have its security implications,
178
such as writing secret key data to
179
<link doc="../ngx_core_module.xml" id="error_log">error log</link>.
180
</para>
181

182
<para>
183
It should be kept in mind that due to the SSL/TLS protocol limitations,
184
for maximum interoperability with clients that do not use
185
<link url="http://en.wikipedia.org/wiki/Server_Name_Indication">SNI</link>,
186
virtual servers with different certificates should listen on
187
<link doc="../http/configuring_https_servers.xml"
188
      id="name_based_https_servers">different
189
IP addresses</link>.
190
</para>
191

192
</directive>
193

194

195
<directive name="ssl_certificate_cache">
196
<syntax><literal>off</literal></syntax>
197
<syntax>
198
    <literal>max</literal>=<value>N</value>
199
    [<literal>inactive</literal>=<value>time</value>]
200
    [<literal>valid</literal>=<value>time</value>]</syntax>
201
<default>off</default>
202
<context>stream</context>
203
<context>server</context>
204
<appeared-in>1.27.4</appeared-in>
205

206
<para>
207
Defines a cache that stores
208
<link id="ssl_certificate">SSL certificates</link> and
209
<link id="ssl_certificate_key">secret keys</link>
210
specified with <link id="ssl_certificate_key_variables">variables</link>.
211
</para>
212

213
<para>
214
The directive has the following parameters:
215
<list type="tag">
216

217
<tag-name id="ssl_certificate_cache_max">
218
<literal>max</literal>
219
</tag-name>
220
<tag-desc>
221
sets the maximum number of elements in the cache;
222
on cache overflow the least recently used (LRU) elements are removed;
223
</tag-desc>
224

225
<tag-name id="ssl_certificate_cache_inactive">
226
<literal>inactive</literal>
227
</tag-name>
228
<tag-desc>
229
defines a time after which an element is removed from the cache
230
if it has not been accessed during this time;
231
by default, it is 10 seconds;
232
</tag-desc>
233

234
<tag-name id="ssl_certificate_cache_valid">
235
<literal>valid</literal>
236
</tag-name>
237
<tag-desc>
238
defines a time during which
239
an element in the cache is considered valid
240
and can be reused;
241
by default, it is 60 seconds.
242
Certificates that exceed this time will be reloaded or revalidated;
243
</tag-desc>
244

245
<tag-name id="ssl_certificate_cache_off">
246
<literal>off</literal>
247
</tag-name>
248
<tag-desc>
249
disables the cache.
250
</tag-desc>
251

252
</list>
253
</para>
254

255
<para>
256
Example:
257
<example>
258
ssl_certificate       $ssl_server_name.crt;
259
ssl_certificate_key   $ssl_server_name.key;
260
ssl_certificate_cache max=1000 inactive=20s valid=1m;
261
</example>
262
</para>
263

264
</directive>
265

266

267
<directive name="ssl_certificate_compression">
268
<syntax><literal>on</literal> | <literal>off</literal></syntax>
269
<default>off</default>
270
<context>stream</context>
271
<context>server</context>
272
<appeared-in>1.29.1</appeared-in>
273

274
<para>
275
Enables TLS 1.3
276
<link url="https://datatracker.ietf.org/doc/html/rfc8879">compression</link>
277
of server certificates.
278
<note>
279
The directive is supported when using OpenSSL 3.2 or higher;
280
the list of supported compression algorithms is provided by the library.
281
</note>
282
<note>
283
The directive is supported when using BoringSSL;
284
the list of supported compression algorithms includes
285
<literal>zlib</literal> (1.29.3).
286
</note>
287
</para>
288

289
</directive>
290

291

292
<directive name="ssl_certificate_key">
293
<syntax><value>file</value></syntax>
294
<default/>
295
<context>stream</context>
296
<context>server</context>
297

298
<para>
299
Specifies a <value>file</value> with the secret key in the PEM format
300
for the given virtual server.
301
</para>
302

303
<para>
304
The value
305
<literal>engine</literal>:<value>name</value>:<value>id</value>
306
can be specified instead of the <value>file</value>,
307
which loads a secret key with a specified <value>id</value>
308
from the OpenSSL engine <value>name</value>.
309
</para>
310

311
<para>
312
The value
313
<literal>store</literal>:<value>scheme</value>:<value>id</value>
314
can be specified instead of the <value>file</value> (1.29.0),
315
which is used to load a secret key with a specified <value>id</value>
316
and OpenSSL provider registered URI <value>scheme</value>, such as
317
<link url="https://datatracker.ietf.org/doc/html/rfc7512"><literal>pkcs11</literal></link>.
318
</para>
319

320
<para id="ssl_certificate_key_data">
321
The value
322
<literal>data</literal>:<value>$variable</value>
323
can be specified instead of the <value>file</value> (1.15.10),
324
which loads a secret key from a variable without using intermediate files.
325
Note that inappropriate use of this syntax may have its security implications,
326
such as writing secret key data to
327
<link doc="../ngx_core_module.xml" id="error_log">error log</link>.
328
</para>
329

330
<para id="ssl_certificate_key_variables">
331
Since version 1.15.9, variables can be used in the <value>file</value> name
332
when using OpenSSL 1.0.2 or higher.
333
</para>
334

335
</directive>
336

337

338
<directive name="ssl_ciphers">
339
<syntax><value>ciphers</value></syntax>
340
<default>HIGH:!aNULL:!MD5</default>
341
<context>stream</context>
342
<context>server</context>
343

344
<para>
345
Specifies the enabled ciphers.
346
The ciphers are specified in the format understood by the
347
OpenSSL library, for example:
348
<example>
349
ssl_ciphers ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
350
</example>
351
</para>
352

353
<para>
354
The full list can be viewed using the
355
“<command>openssl ciphers</command>” command.
356
</para>
357

358
</directive>
359

360

361
<directive name="ssl_client_certificate">
362
<syntax><value>file</value></syntax>
363
<default/>
364
<context>stream</context>
365
<context>server</context>
366
<appeared-in>1.11.8</appeared-in>
367

368
<para>
369
Specifies a <value>file</value> with trusted CA certificates in the PEM format
370
used to <link id="ssl_verify_client">verify</link> client certificates and
371
OCSP responses if <link id="ssl_stapling"/> is enabled.
372
</para>
373

374
<para>
375
The list of certificates will be sent to clients.
376
If this is not desired, the <link id="ssl_trusted_certificate"/>
377
directive can be used.
378
</para>
379

380
</directive>
381

382

383
<directive name="ssl_conf_command">
384
<syntax><value>name</value> <value>value</value></syntax>
385
<default/>
386
<context>stream</context>
387
<context>server</context>
388
<appeared-in>1.19.4</appeared-in>
389

390
<para>
391
Sets arbitrary OpenSSL configuration
392
<link url="https://www.openssl.org/docs/man1.1.1/man3/SSL_CONF_cmd.html">commands</link>.
393
<note>
394
The directive is supported when using OpenSSL 1.0.2 or higher.
395
</note>
396
</para>
397

398
<para>
399
Several <literal>ssl_conf_command</literal> directives
400
can be specified on the same level:
401
<example>
402
ssl_conf_command Options PrioritizeChaCha;
403
ssl_conf_command Ciphersuites TLS_CHACHA20_POLY1305_SHA256;
404
</example>
405
These directives are inherited from the previous configuration level
406
if and only if there are no <literal>ssl_conf_command</literal> directives
407
defined on the current level.
408
</para>
409

410
<para>
411
<note>
412
Note that configuring OpenSSL directly
413
might result in unexpected behavior.
414
</note>
415
</para>
416

417
</directive>
418

419

420
<directive name="ssl_crl">
421
<syntax><value>file</value></syntax>
422
<default/>
423
<context>stream</context>
424
<context>server</context>
425
<appeared-in>1.11.8</appeared-in>
426

427
<para>
428
Specifies a <value>file</value> with revoked certificates (CRL)
429
in the PEM format used to <link id="ssl_verify_client">verify</link>
430
client certificates.
431
When using intermediate certificates, their CRLs should be
432
specified in the same file.
433
</para>
434

435
</directive>
436

437

438
<directive name="ssl_dhparam">
439
<syntax><value>file</value></syntax>
440
<default/>
441
<context>stream</context>
442
<context>server</context>
443

444
<para>
445
Specifies a <value>file</value> with DH parameters for DHE ciphers.
446
</para>
447

448
<para>
449
By default no parameters are set,
450
and therefore DHE ciphers will not be used.
451
<note>
452
Prior to version 1.11.0, builtin parameters were used by default.
453
</note>
454
</para>
455

456
</directive>
457

458

459
<directive name="ssl_ecdh_curve">
460
<syntax><value>curve</value></syntax>
461
<default>auto</default>
462
<context>stream</context>
463
<context>server</context>
464

465
<para>
466
Specifies a <value>curve</value> for ECDHE ciphers.
467
</para>
468

469
<para>
470
When using OpenSSL 1.0.2 or higher,
471
it is possible to specify multiple curves (1.11.0), for example:
472
<example>
473
ssl_ecdh_curve prime256v1:secp384r1;
474
</example>
475
</para>
476

477
<para>
478
The special value <literal>auto</literal> (1.11.0) instructs nginx to use
479
a list built into the OpenSSL library when using OpenSSL 1.0.2 or higher,
480
or <literal>prime256v1</literal> with older versions.
481
</para>
482

483
<para>
484
<note>
485
Prior to version 1.11.0,
486
the <literal>prime256v1</literal> curve was used by default.
487
</note>
488
</para>
489

490
<para>
491
<note>
492
When using OpenSSL 1.0.2 or higher,
493
this directive sets the list of curves supported by the server.
494
Thus, in order for ECDSA certificates to work,
495
it is important to include the curves used in the certificates.
496
</note>
497
</para>
498

499
</directive>
500

501

502
<directive name="ssl_ech_file">
503
<syntax><value>file</value></syntax>
504
<default/>
505
<context>stream</context>
506
<context>server</context>
507
<appeared-in>1.29.4</appeared-in>
508

509
<para>
510
Specifies a <value>file</value> with encrypted ClientHello configuration
511
(<literal>ECHConfig</literal>) in the
512
<link url="https://datatracker.ietf.org/doc/draft-farrell-tls-pemesni/">PEM</link>
513
format used to enable TLS 1.3
514
<link url="https://datatracker.ietf.org/doc/html/draft-ietf-tls-esni">ECH</link>
515
in shared mode.
516
</para>
517

518
<para>
519
<note>
520
The directive is currently supported only when using OpenSSL
521
<link url="https://github.com/openssl/openssl/tree/feature/ech">ECH
522
feature branch</link>.
523
</note>
524
</para>
525

526
</directive>
527

528

529
<directive name="ssl_handshake_timeout">
530
<syntax><value>time</value></syntax>
531
<default>60s</default>
532
<context>stream</context>
533
<context>server</context>
534

535
<para>
536
Specifies a timeout for the SSL handshake to complete.
537
</para>
538

539
</directive>
540

541

542
<directive name="ssl_key_log">
543
<syntax>path</syntax>
544
<default/>
545
<context>stream</context>
546
<context>server</context>
547
<appeared-in>1.27.2</appeared-in>
548

549
<para>
550
Enables logging of client connection SSL keys
551
and specifies the path to the key log file.
552
Keys are logged in the
553
<link url="https://datatracker.ietf.org/doc/html/draft-ietf-tls-keylogfile">SSLKEYLOGFILE</link>
554
format compatible with Wireshark.
555
</para>
556

557
<para>
558
<note>
559
This directive is available as part of our
560
<commercial_version>commercial subscription</commercial_version>.
561
</note>
562
</para>
563

564
</directive>
565

566

567
<directive name="ssl_ocsp">
568
<syntax><literal>on</literal> |
569
        <literal>off</literal> |
570
        <literal>leaf</literal></syntax>
571
<default>off</default>
572
<context>stream</context>
573
<context>server</context>
574
<appeared-in>1.27.2</appeared-in>
575

576
<para>
577
Enables OCSP validation of the client certificate chain.
578
The <literal>leaf</literal> parameter
579
enables validation of the client certificate only.
580
</para>
581

582
<para>
583
For the OCSP validation to work,
584
the <link id="ssl_verify_client"/> directive should be set to
585
<literal>on</literal> or <literal>optional</literal>.
586
</para>
587

588
<para>
589
To resolve the OCSP responder hostname,
590
the <link doc="ngx_stream_core_module.xml" id="resolver"/> directive
591
should also be specified.
592
</para>
593

594
<para>
595
Example:
596
<example>
597
ssl_verify_client on;
598
ssl_ocsp          on;
599
resolver          192.0.2.1;
600
</example>
601
</para>
602

603
</directive>
604

605

606
<directive name="ssl_ocsp_cache">
607
<syntax>
608
    <literal>off</literal> |
609
    [<literal>shared</literal>:<value>name</value>:<value>size</value>]</syntax>
610
<default>off</default>
611
<context>stream</context>
612
<context>server</context>
613
<appeared-in>1.27.2</appeared-in>
614

615
<para>
616
Sets <literal>name</literal> and <literal>size</literal> of the cache
617
that stores client certificates status for OCSP validation.
618
The cache is shared between all worker processes.
619
A cache with the same name can be used in several
620
virtual servers.
621
</para>
622

623
<para>
624
The <literal>off</literal> parameter prohibits the use of the cache.
625
</para>
626

627
</directive>
628

629

630
<directive name="ssl_ocsp_responder">
631
<syntax><value>url</value></syntax>
632
<default/>
633
<context>stream</context>
634
<context>server</context>
635
<appeared-in>1.27.2</appeared-in>
636

637
<para>
638
Overrides the URL of the OCSP responder specified in the
639
“<link url="https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.2.1">Authority
640
Information Access</link>” certificate extension
641
for <link id="ssl_ocsp">validation</link> of client certificates.
642
</para>
643

644
<para>
645
Only “<literal>http://</literal>” OCSP responders are supported:
646
<example>
647
ssl_ocsp_responder http://ocsp.example.com/;
648
</example>
649
</para>
650

651
</directive>
652

653

654
<directive name="ssl_password_file">
655
<syntax><value>file</value></syntax>
656
<default/>
657
<context>stream</context>
658
<context>server</context>
659

660
<para>
661
Specifies a <value>file</value> with passphrases for
662
<link id="ssl_certificate_key">secret keys</link>
663
where each passphrase is specified on a separate line.
664
Passphrases are tried in turn when loading the key.
665
</para>
666

667
<para>
668
Example:
669
<example>
670
stream {
671
    ssl_password_file /etc/keys/global.pass;
672
    ...
673

674
    server {
675
        listen 127.0.0.1:12345;
676
        ssl_certificate_key /etc/keys/first.key;
677
    }
678

679
    server {
680
        listen 127.0.0.1:12346;
681

682
        # named pipe can also be used instead of a file
683
        ssl_password_file /etc/keys/fifo;
684
        ssl_certificate_key /etc/keys/second.key;
685
    }
686
}
687
</example>
688
</para>
689

690
</directive>
691

692

693
<directive name="ssl_prefer_server_ciphers">
694
<syntax><literal>on</literal> | <literal>off</literal></syntax>
695
<default>off</default>
696
<context>stream</context>
697
<context>server</context>
698

699
<para>
700
Specifies that server ciphers should be preferred over client ciphers
701
when the SSLv3 and TLS protocols are used.
702
</para>
703

704
</directive>
705

706

707
<directive name="ssl_protocols">
708
<syntax>
709
    [<literal>SSLv2</literal>]
710
    [<literal>SSLv3</literal>]
711
    [<literal>TLSv1</literal>]
712
    [<literal>TLSv1.1</literal>]
713
    [<literal>TLSv1.2</literal>]
714
    [<literal>TLSv1.3</literal>]</syntax>
715
<default>TLSv1.2 TLSv1.3</default>
716
<context>stream</context>
717
<context>server</context>
718

719
<para>
720
Enables the specified protocols.
721
</para>
722

723
<para>
724
If the directive is specified
725
on the <link doc="ngx_stream_core_module.xml" id="server"/> level,
726
the value from the default server can be used.
727
Details are provided in the
728
“<link doc="../http/server_names.xml" id="virtual_server_selection">Virtual
729
server selection</link>” section.
730
</para>
731

732
<para>
733
<note>
734
The <literal>TLSv1.1</literal> and <literal>TLSv1.2</literal> parameters
735
work only when OpenSSL 1.0.1 or higher is used.
736
</note>
737
<note>
738
The <literal>TLSv1.3</literal> parameter (1.13.0) works only when
739
OpenSSL 1.1.1 or higher is used.
740
</note>
741
<note>
742
The <literal>TLSv1.3</literal> parameter is used by default
743
since 1.23.4.
744
</note>
745
</para>
746

747
</directive>
748

749

750
<directive name="ssl_reject_handshake">
751
<syntax><literal>on</literal> | <literal>off</literal></syntax>
752
<default>off</default>
753
<context>stream</context>
754
<context>server</context>
755
<appeared-in>1.25.5</appeared-in>
756

757
<para>
758
If enabled, SSL handshakes in
759
the <link doc="ngx_stream_core_module.xml" id="server"/> block will be rejected.
760
</para>
761

762
<para>
763
For example, in the following configuration, SSL handshakes with
764
server names other than <literal>example.com</literal> are rejected:
765
<example>
766
server {
767
    listen               443 ssl default_server;
768
    ssl_reject_handshake on;
769
}
770

771
server {
772
    listen              443 ssl;
773
    server_name         example.com;
774
    ssl_certificate     example.com.crt;
775
    ssl_certificate_key example.com.key;
776
}
777
</example>
778
</para>
779

780
</directive>
781

782

783
<directive name="ssl_session_cache">
784
<syntax>
785
    <literal>off</literal> |
786
    <literal>none</literal> |
787
    [<literal>builtin</literal>[:<value>size</value>]]
788
    [<literal>shared</literal>:<value>name</value>:<value>size</value>]</syntax>
789
<default>none</default>
790
<context>stream</context>
791
<context>server</context>
792

793
<para>
794
Sets the types and sizes of caches that store session parameters.
795
A cache can be of any of the following types:
796
<list type="tag">
797

798
<tag-name><literal>off</literal></tag-name>
799
<tag-desc>
800
the use of a session cache is strictly prohibited:
801
nginx explicitly tells a client that sessions may not be reused.
802
</tag-desc>
803

804
<tag-name><literal>none</literal></tag-name>
805
<tag-desc>
806
the use of a session cache is gently disallowed:
807
nginx tells a client that sessions may be reused, but does not
808
actually store session parameters in the cache.
809
</tag-desc>
810

811
<tag-name id="ssl_session_cache_builtin"><literal>builtin</literal></tag-name>
812
<tag-desc>
813
a cache built in OpenSSL; used by one worker process only.
814
The cache size is specified in sessions.
815
If size is not given, it is equal to 20480 sessions.
816
Use of the built-in cache can cause memory fragmentation.
817
</tag-desc>
818

819
<tag-name id="ssl_session_cache_shared"><literal>shared</literal></tag-name>
820
<tag-desc>
821
a cache shared between all worker processes.
822
The cache size is specified in bytes; one megabyte can store
823
about 4000 sessions.
824
Each shared cache should have an arbitrary name.
825
A cache with the same name can be used in several
826
virtual servers.
827
It is also used to automatically generate, store, and
828
periodically rotate TLS session ticket keys (1.23.2)
829
unless configured explicitly
830
using the <link id="ssl_session_ticket_key"/> directive.
831
</tag-desc>
832

833
</list>
834
</para>
835

836
<para>
837
Both cache types can be used simultaneously, for example:
838
<example>
839
ssl_session_cache builtin:1000 shared:SSL:10m;
840
</example>
841
but using only shared cache without the built-in cache should
842
be more efficient.
843
</para>
844

845
</directive>
846

847

848
<directive name="ssl_session_ticket_key">
849
<syntax><value>file</value></syntax>
850
<default/>
851
<context>stream</context>
852
<context>server</context>
853

854
<para>
855
Sets a <value>file</value> with the secret key used to encrypt
856
and decrypt TLS session tickets.
857
The directive is necessary if the same key has to be shared between
858
multiple servers.
859
By default, a randomly generated key is used.
860
</para>
861

862
<para>
863
If several keys are specified, only the first key is
864
used to encrypt TLS session tickets.
865
This allows configuring key rotation, for example:
866
<example>
867
ssl_session_ticket_key current.key;
868
ssl_session_ticket_key previous.key;
869
</example>
870
</para>
871

872
<para>
873
The <value>file</value> must contain 80 or 48 bytes
874
of random data and can be created using the following command:
875
<example>
876
openssl rand 80 > ticket.key
877
</example>
878
Depending on the file size either AES256 (for 80-byte keys, 1.11.8)
879
or AES128 (for 48-byte keys) is used for encryption.
880
</para>
881

882
</directive>
883

884

885
<directive name="ssl_session_tickets">
886
<syntax><literal>on</literal> | <literal>off</literal></syntax>
887
<default>on</default>
888
<context>stream</context>
889
<context>server</context>
890

891
<para>
892
Enables or disables session resumption through
893
<link url="https://datatracker.ietf.org/doc/html/rfc5077">TLS session tickets</link>.
894
</para>
895

896
</directive>
897

898

899
<directive name="ssl_session_timeout">
900
<syntax><value>time</value></syntax>
901
<default>5m</default>
902
<context>stream</context>
903
<context>server</context>
904

905
<para>
906
Specifies a time during which a client may reuse the
907
session parameters.
908
</para>
909

910
</directive>
911

912

913
<directive name="ssl_stapling">
914
<syntax><literal>on</literal> | <literal>off</literal></syntax>
915
<default>off</default>
916
<context>stream</context>
917
<context>server</context>
918
<appeared-in>1.27.2</appeared-in>
919

920
<para>
921
Enables or disables
922
<link url="https://datatracker.ietf.org/doc/html/rfc6066#section-8">stapling
923
of OCSP responses</link> by the server.
924
Example:
925
<example>
926
ssl_stapling on;
927
resolver 192.0.2.1;
928
</example>
929
</para>
930

931
<para>
932
For the OCSP stapling to work, the certificate of the server certificate
933
issuer should be known.
934
If the <link id="ssl_certificate"/> file does
935
not contain intermediate certificates,
936
the certificate of the server certificate issuer should be
937
present in the
938
<link id="ssl_trusted_certificate"/> file.
939
</para>
940

941
<para>
942
For a resolution of the OCSP responder hostname,
943
the <link doc="ngx_stream_core_module.xml" id="resolver"/> directive
944
should also be specified.
945
</para>
946

947
</directive>
948

949

950
<directive name="ssl_stapling_file">
951
<syntax><value>file</value></syntax>
952
<default/>
953
<context>stream</context>
954
<context>server</context>
955
<appeared-in>1.27.2</appeared-in>
956

957
<para>
958
When set, the stapled OCSP response will be taken from the
959
specified <value>file</value> instead of querying
960
the OCSP responder specified in the server certificate.
961
</para>
962

963
<para>
964
The file should be in the DER format as produced by the
965
“<literal>openssl ocsp</literal>” command.
966
</para>
967

968
</directive>
969

970

971
<directive name="ssl_stapling_responder">
972
<syntax><value>url</value></syntax>
973
<default/>
974
<context>stream</context>
975
<context>server</context>
976
<appeared-in>1.27.2</appeared-in>
977

978
<para>
979
Overrides the URL of the OCSP responder specified in the
980
“<link url="https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.2.1">Authority
981
Information Access</link>” certificate extension.
982
</para>
983

984
<para>
985
Only “<literal>http://</literal>” OCSP responders are supported:
986
<example>
987
ssl_stapling_responder http://ocsp.example.com/;
988
</example>
989
</para>
990

991
</directive>
992

993

994
<directive name="ssl_stapling_verify">
995
<syntax><literal>on</literal> | <literal>off</literal></syntax>
996
<default>off</default>
997
<context>stream</context>
998
<context>server</context>
999
<appeared-in>1.27.2</appeared-in>
1000

1001
<para>
1002
Enables or disables verification of OCSP responses by the server.
1003
</para>
1004

1005
<para>
1006
For verification to work, the certificate of the server certificate
1007
issuer, the root certificate, and all intermediate certificates
1008
should be configured as trusted using the
1009
<link id="ssl_trusted_certificate"/> directive.
1010
</para>
1011

1012
</directive>
1013

1014

1015
<directive name="ssl_trusted_certificate">
1016
<syntax><value>file</value></syntax>
1017
<default/>
1018
<context>stream</context>
1019
<context>server</context>
1020
<appeared-in>1.11.8</appeared-in>
1021

1022
<para>
1023
Specifies a <value>file</value> with trusted CA certificates in the PEM format
1024
used to <link id="ssl_verify_client">verify</link> client certificates and
1025
OCSP responses if <link id="ssl_stapling"/> is enabled.
1026
</para>
1027

1028
<para>
1029
In contrast to the certificate set by <link id="ssl_client_certificate"/>,
1030
the list of these certificates will not be sent to clients.
1031
</para>
1032

1033
</directive>
1034

1035

1036
<directive name="ssl_verify_client">
1037
<syntax>
1038
    <literal>on</literal> | <literal>off</literal> |
1039
    <literal>optional</literal> | <literal>optional_no_ca</literal></syntax>
1040
<default>off</default>
1041
<context>stream</context>
1042
<context>server</context>
1043
<appeared-in>1.11.8</appeared-in>
1044

1045
<para>
1046
Enables verification of client certificates.
1047
The verification result is stored in the
1048
<link id="var_ssl_client_verify">$ssl_client_verify</link> variable.
1049
If an error has occurred during the client certificate verification
1050
or a client has not presented the required certificate,
1051
the connection is closed.
1052
</para>
1053

1054
<para>
1055
The <literal>optional</literal> parameter requests the client
1056
certificate and verifies it if the certificate is present.
1057
</para>
1058

1059
<para>
1060
The <literal>optional_no_ca</literal> parameter
1061
requests the client
1062
certificate but does not require it to be signed by a trusted CA certificate.
1063
This is intended for the use in cases when a service that is external to nginx
1064
performs the actual certificate verification.
1065
The contents of the certificate is accessible through the
1066
<link id="var_ssl_client_cert">$ssl_client_cert</link> variable.
1067
</para>
1068

1069
</directive>
1070

1071

1072
<directive name="ssl_verify_depth">
1073
<syntax><value>number</value></syntax>
1074
<default>1</default>
1075
<context>stream</context>
1076
<context>server</context>
1077
<appeared-in>1.11.8</appeared-in>
1078

1079
<para>
1080
Sets the verification depth in the client certificates chain.
1081
</para>
1082

1083
</directive>
1084

1085
</section>
1086

1087

1088
<section id="variables" name="Embedded Variables">
1089

1090
<para>
1091
The <literal>ngx_stream_ssl_module</literal> module supports variables
1092
since 1.11.2.
1093
<list type="tag">
1094

1095
<tag-name id="var_ssl_alpn_protocol"><var>$ssl_alpn_protocol</var></tag-name>
1096
<tag-desc>
1097
returns the protocol selected by ALPN during the SSL handshake,
1098
or an empty string otherwise (1.21.4);
1099
</tag-desc>
1100

1101
<tag-name id="var_ssl_cipher"><var>$ssl_cipher</var></tag-name>
1102
<tag-desc>
1103
returns the name of the cipher used
1104
for an established SSL connection;
1105
</tag-desc>
1106

1107
<tag-name id="var_ssl_ciphers"><var>$ssl_ciphers</var></tag-name>
1108
<tag-desc>
1109
returns the list of ciphers supported by the client (1.11.7).
1110
Known ciphers are listed by names, unknown are shown in hexadecimal,
1111
for example:
1112
<example>
1113
AES128-SHA:AES256-SHA:0x00ff
1114
</example>
1115
<note>
1116
The variable is fully supported only when using OpenSSL version 1.0.2 or higher.
1117
With older versions, the variable is available
1118
only for new sessions and lists only known ciphers.
1119
</note>
1120
</tag-desc>
1121

1122
<tag-name id="var_ssl_client_cert"><var>$ssl_client_cert</var></tag-name>
1123
<tag-desc>
1124
returns the client certificate in the PEM format
1125
for an established SSL connection, with each line except the first
1126
prepended with the tab character (1.11.8);
1127
</tag-desc>
1128

1129
<tag-name id="var_ssl_client_fingerprint"><var>$ssl_client_fingerprint</var></tag-name>
1130
<tag-desc>
1131
returns the SHA1 fingerprint of the client certificate
1132
for an established SSL connection (1.11.8);
1133
</tag-desc>
1134

1135
<tag-name id="var_ssl_client_i_dn"><var>$ssl_client_i_dn</var></tag-name>
1136
<tag-desc>
1137
returns the “issuer DN” string of the client certificate
1138
for an established SSL connection according to
1139
<link url="https://datatracker.ietf.org/doc/html/rfc2253">RFC 2253</link> (1.11.8);
1140
</tag-desc>
1141

1142
<tag-name id="var_ssl_client_raw_cert"><var>$ssl_client_raw_cert</var>
1143
</tag-name>
1144
<tag-desc>
1145
returns the client certificate in the PEM format
1146
for an established SSL connection (1.11.8);
1147
</tag-desc>
1148

1149
<tag-name id="var_ssl_client_s_dn"><var>$ssl_client_s_dn</var></tag-name>
1150
<tag-desc>
1151
returns the “subject DN” string of the client certificate
1152
for an established SSL connection according to
1153
<link url="https://datatracker.ietf.org/doc/html/rfc2253">RFC 2253</link> (1.11.8);
1154
</tag-desc>
1155

1156
<tag-name id="var_ssl_client_serial"><var>$ssl_client_serial</var></tag-name>
1157
<tag-desc>
1158
returns the serial number of the client certificate
1159
for an established SSL connection (1.11.8);
1160
</tag-desc>
1161

1162
<tag-name id="var_ssl_client_sigalg"><var>$ssl_client_sigalg</var></tag-name>
1163
<tag-desc>
1164
returns the
1165
<link url="https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-16">signature algorithm</link>
1166
for the client certificate for an established SSL connection (1.29.3).
1167
<note>
1168
The variable is supported only when using OpenSSL version 3.5 or higher.
1169
With older versions, the variable value will be an empty string.
1170
</note>
1171
<note>
1172
The variable is available only for new sessions.
1173
</note>
1174
</tag-desc>
1175

1176
<tag-name id="var_ssl_client_v_end"><var>$ssl_client_v_end</var></tag-name>
1177
<tag-desc>
1178
returns the end date of the client certificate (1.11.8);
1179
</tag-desc>
1180

1181
<tag-name id="var_ssl_client_v_remain"><var>$ssl_client_v_remain</var></tag-name>
1182
<tag-desc>
1183
returns the number of days
1184
until the client certificate expires (1.11.8);
1185
</tag-desc>
1186

1187
<tag-name id="var_ssl_client_v_start"><var>$ssl_client_v_start</var></tag-name>
1188
<tag-desc>
1189
returns the start date of the client certificate (1.11.8);
1190
</tag-desc>
1191

1192
<tag-name id="var_ssl_client_verify"><var>$ssl_client_verify</var></tag-name>
1193
<tag-desc>
1194
returns the result of client certificate verification (1.11.8):
1195
“<literal>SUCCESS</literal>”, “<literal>FAILED:</literal><value>reason</value>”,
1196
and “<literal>NONE</literal>” if a certificate was not present;
1197
</tag-desc>
1198

1199
<tag-name id="var_ssl_curve"><var>$ssl_curve</var></tag-name>
1200
<tag-desc>
1201
returns the negotiated curve used for
1202
SSL handshake key exchange process (1.21.5).
1203
Known curves are listed by names, unknown are shown in hexadecimal,
1204
for example:
1205
<example>
1206
prime256v1
1207
</example>
1208
<note>
1209
The variable is supported only when using OpenSSL version 3.0 or higher.
1210
With older versions, the variable value will be an empty string.
1211
</note>
1212
</tag-desc>
1213

1214
<tag-name id="var_ssl_curves"><var>$ssl_curves</var></tag-name>
1215
<tag-desc>
1216
returns the list of curves supported by the client (1.11.7).
1217
Known curves are listed by names, unknown are shown in hexadecimal,
1218
for example:
1219
<example>
1220
0x001d:prime256v1:secp521r1:secp384r1
1221
</example>
1222
<note>
1223
The variable is supported only when using OpenSSL version 1.0.2 or higher.
1224
With older versions, the variable value will be an empty string.
1225
</note>
1226
<note>
1227
The variable is available only for new sessions.
1228
</note>
1229
</tag-desc>
1230

1231
<tag-name id="var_ssl_ech_outer_server_name"><var>$ssl_ech_outer_server_name</var></tag-name>
1232
<tag-desc>
1233
returns the public server name requested through
1234
<link url="http://en.wikipedia.org/wiki/Server_Name_Indication">SNI</link>
1235
if TLS 1.3 <link id="ssl_ech_file">ECH</link> was accepted,
1236
otherwise “” (1.29.4);
1237
</tag-desc>
1238

1239
<tag-name id="var_ssl_ech_status"><var>$ssl_ech_status</var></tag-name>
1240
<tag-desc>
1241
returns the result of TLS 1.3 <link id="ssl_ech_file">ECH</link> processing:
1242
“<literal>FAILED</literal>”,
1243
“<literal>BACKEND</literal>”,
1244
“<literal>GREASE</literal>”,
1245
“<literal>SUCCESS</literal>”, or
1246
“<literal>NOT_TRIED</literal>” (1.29.4);
1247
<note>
1248
The variable is currently supported only when using OpenSSL
1249
<link url="https://github.com/openssl/openssl/tree/feature/ech">ECH feature branch</link>
1250
and is therefore subject to change.
1251
The variable value will otherwise be an empty string.
1252
</note>
1253
</tag-desc>
1254

1255
<tag-name id="var_ssl_protocol"><var>$ssl_protocol</var></tag-name>
1256
<tag-desc>
1257
returns the protocol of an established SSL connection;
1258
</tag-desc>
1259

1260
<tag-name id="var_ssl_server_name"><var>$ssl_server_name</var></tag-name>
1261
<tag-desc>
1262
returns the server name requested through
1263
<link url="http://en.wikipedia.org/wiki/Server_Name_Indication">SNI</link>;
1264
</tag-desc>
1265

1266
<tag-name id="var_ssl_session_id"><var>$ssl_session_id</var></tag-name>
1267
<tag-desc>
1268
returns the session identifier of an established SSL connection;
1269
</tag-desc>
1270

1271
<tag-name id="var_ssl_session_reused"><var>$ssl_session_reused</var></tag-name>
1272
<tag-desc>
1273
returns “<literal>r</literal>” if an SSL session was reused,
1274
or “<literal>.</literal>” otherwise.
1275
</tag-desc>
1276

1277
<tag-name id="var_ssl_sigalg"><var>$ssl_sigalg</var></tag-name>
1278
<tag-desc>
1279
returns the
1280
<link url="https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-16">signature algorithm</link>
1281
for the server certificate for an established SSL connection (1.29.3).
1282
<note>
1283
The variable is supported only when using OpenSSL version 3.5 or higher.
1284
With older versions, the variable value will be an empty string.
1285
</note>
1286
<note>
1287
The variable is available only for new sessions.
1288
</note>
1289
</tag-desc>
1290

1291
</list>
1292
</para>
1293

1294
</section>
1295

1296
</module>
1297

1298