Diffstat (limited to 'docs/en/ranch/2.0/manual/ranch_ssl/index.html')
-rw-r--r--docs/en/ranch/2.0/manual/ranch_ssl/index.html24
1 files changed, 22 insertions, 2 deletions
diff --git a/docs/en/ranch/2.0/manual/ranch_ssl/index.html b/docs/en/ranch/2.0/manual/ranch_ssl/index.html
index f6999be8..fa3b11ad 100644
--- a/docs/en/ranch/2.0/manual/ranch_ssl/index.html
+++ b/docs/en/ranch/2.0/manual/ranch_ssl/index.html
@@ -92,6 +92,7 @@ by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000000">ssl_opt</font></b>() <font color="#990000">=</font> {<font color="#FF6600">alpn_preferred_protocols</font>, [<b><font color="#000080">binary</font></b>()]}
+ | {<font color="#FF6600">anti_replay</font>, <font color="#FF6600">'10k'</font> | <font color="#FF6600">'100k'</font> | {<b><font color="#000080">integer</font></b>(), <b><font color="#000080">integer</font></b>(), <b><font color="#000080">integer</font></b>()}}
| {<font color="#FF6600">beast_mitigation</font>, <font color="#FF6600">one_n_minus_one</font> | <font color="#FF6600">zero_n</font> | <font color="#FF6600">disabled</font>}
| {<font color="#FF6600">cacertfile</font>, <b><font color="#000000">file:filename</font></b>()}
| {<font color="#FF6600">cacerts</font>, [<b><font color="#000000">public_key:der_encoded</font></b>()]}
@@ -104,17 +105,19 @@ http://www.gnu.org/software/src-highlite -->
| {<font color="#FF6600">depth</font>, <b><font color="#000080">integer</font></b>()}
| {<font color="#FF6600">dh</font>, <b><font color="#000080">binary</font></b>()}
| {<font color="#FF6600">dhfile</font>, <b><font color="#000000">file:filename</font></b>()}
- | {<font color="#FF6600">eccs</font>, [<b><font color="#000080">atom</font></b>()]}
+ | {<font color="#FF6600">eccs</font>, [<b><font color="#000000">ssl:named_curve</font></b>()]}
| {<font color="#FF6600">fail_if_no_peer_cert</font>, <b><font color="#000000">boolean</font></b>()}
| {<font color="#FF6600">handshake</font>, <font color="#FF6600">hello</font> | <font color="#FF6600">full</font>}
| {<font color="#FF6600">hibernate_after</font>, <b><font color="#000000">timeout</font></b>()}
| {<font color="#FF6600">honor_cipher_order</font>, <b><font color="#000000">boolean</font></b>()}
| {<font color="#FF6600">honor_ecc_order</font>, <b><font color="#000000">boolean</font></b>()}
| {<font color="#FF6600">key</font>, <b><font color="#000000">ssl:key</font></b>()}
+ | {<font color="#FF6600">key_update_at</font>, <b><font color="#000000">pos_integer</font></b>()}
| {<font color="#FF6600">keyfile</font>, <b><font color="#000000">file:filename</font></b>()}
| {<font color="#FF6600">log_alert</font>, <b><font color="#000000">boolean</font></b>()}
| {<font color="#FF6600">log_level</font>, <b><font color="#000000">logger:level</font></b>()}
| {<font color="#FF6600">max_handshake_size</font>, <b><font color="#000080">integer</font></b>()}
+ | {<font color="#FF6600">middlebox_comp_mode</font>, <b><font color="#000000">boolean</font></b>()}
| {<font color="#FF6600">next_protocols_advertised</font>, [<b><font color="#000080">binary</font></b>()]}
| {<font color="#FF6600">padding_check</font>, <b><font color="#000000">boolean</font></b>()}
| {<font color="#FF6600">partial_chain</font>, <b><font color="#0000FF">fun</font></b>()}
@@ -124,10 +127,12 @@ http://www.gnu.org/software/src-highlite -->
| {<font color="#FF6600">reuse_session</font>, <b><font color="#0000FF">fun</font></b>()}
| {<font color="#FF6600">reuse_sessions</font>, <b><font color="#000000">boolean</font></b>()}
| {<font color="#FF6600">secure_renegotiate</font>, <b><font color="#000000">boolean</font></b>()}
+ | {<font color="#FF6600">session_tickets</font>, <font color="#FF6600">disabled</font> | <font color="#FF6600">stateful</font> | <font color="#FF6600">stateless</font>}
| {<font color="#FF6600">signature_algs</font>, [{<b><font color="#000000">ssl:hash</font></b>(), <b><font color="#000000">ssl:sign_algo</font></b>()}]}
- | {<font color="#FF6600">signature_algs_cert</font>, [<b><font color="#000080">atom</font></b>()]}
+ | {<font color="#FF6600">signature_algs_cert</font>, [<b><font color="#000000">ssl:sign_scheme</font></b>()]}
| {<font color="#FF6600">sni_fun</font>, <b><font color="#0000FF">fun</font></b>()}
| {<font color="#FF6600">sni_hosts</font>, [{<b><font color="#000000">string</font></b>(), <b><font color="#000000">ssl_opt</font></b>()}]}
+ | {<font color="#FF6600">supported_groups</font>, [<b><font color="#000000">ssl:group</font></b>()]}
| {<font color="#FF6600">user_lookup_fun</font>, {<b><font color="#0000FF">fun</font></b>(), <b><font color="#000000">any</font></b>()}}
| {<font color="#FF6600">verify</font>, <font color="#FF6600">verify_none</font> | <font color="#FF6600">verify_peer</font>}
| {<font color="#FF6600">verify_fun</font>, {<b><font color="#0000FF">fun</font></b>(), <b><font color="#000000">any</font></b>()}}
@@ -139,6 +144,9 @@ http://www.gnu.org/software/src-highlite -->
<dl><dt>alpn_preferred_protocols</dt>
<dd><p>Perform Application-Layer Protocol Negotiation with the given list of preferred protocols.</p>
</dd>
+<dt>anti_replay</dt>
+<dd><p>Configures the server&apos;s built-in anti replay feature based on Bloom filters.</p>
+</dd>
<dt>beast_mitigation (one_n_minus_one)</dt>
<dd><p>Change the BEAST mitigation strategy for SSL-3.0 and TLS-1.0 to interoperate with legacy software.</p>
</dd>
@@ -197,6 +205,9 @@ http://www.gnu.org/software/src-highlite -->
<dt>key</dt>
<dd><p>DER encoded user private key.</p>
</dd>
+<dt>key_update_at</dt>
+<dd><p>Configures the maximum amount of bytes that can be sent on a TLS 1.3 connection before an automatic key update is performed.</p>
+</dd>
<dt>keyfile</dt>
<dd><p>Path to the PEM encoded private key file, if different from the certfile.</p>
</dd>
@@ -209,6 +220,9 @@ http://www.gnu.org/software/src-highlite -->
<dt>max_handshake_size (256*1024)</dt>
<dd><p>Used to limit the size of valid TLS handshake packets to avoid DoS attacks.</p>
</dd>
+<dt>middlebox_comp_mode (true)</dt>
+<dd><p>Configures the middlebox compatibility mode on a TLS 1.3 connection.</p>
+</dd>
<dt>next_protocols_advertised</dt>
<dd><p>List of protocols to send to the client if it supports the Next Protocol extension.</p>
</dd>
@@ -236,6 +250,9 @@ http://www.gnu.org/software/src-highlite -->
<dt>secure_renegotiate (false)</dt>
<dd><p>Whether to reject renegotiation attempts that do not conform to RFC5746.</p>
</dd>
+<dt>session_tickets</dt>
+<dd><p>Configures the session ticket functionality.</p>
+</dd>
<dt>signature_algs</dt>
<dd><p>The TLS signature algorithm extension may be used, from TLS 1.2, to negotiate which signature algorithm to use during the TLS handshake.</p>
</dd>
@@ -248,6 +265,9 @@ http://www.gnu.org/software/src-highlite -->
<dt>sni_hosts</dt>
<dd><p>Options to apply for the host that matches what the client requested with Server Name Indication.</p>
</dd>
+<dt>supported_groups([x25519, x448, secp256r1, secp384r1])</dt>
+<dd><p>TLS 1.3 introduces the <code>supported_groups</code> extension that is used for negotiating the Diffie-Hellman parameters in a TLS 1.3 handshake. Both client and server can specify a list of parameters that they are willing to use.</p>
+</dd>
<dt>user_lookup_fun</dt>
<dd><p>Function called to determine the shared secret when using PSK, or provide parameters when using SRP.</p>
</dd>