Options |
Functions |
accel |
Accelerator mode. Also needs at least one of defaultsite or vhost. |
defaultsite= |
The name of the https site presented on this port |
vhost |
Domain based virtual host support. Useful in combination with a wildcard certificate or other certificates valid for more than one domain. Implies accel. |
urlgroup= |
Default urlgroup to mark requests with |
protocol= |
Protocol to reconstruct accelerated requests with. Defaults to https. |
cert= |
Path to SSL certificate (PEM format) |
key= |
Path to SSL private key file (PEM format) if not specified, the certificate file is assumed to be a combined certificate and key file |
version= |
The version of SSL/TLS supported 1 automatic (default) 2 SSLv2 only 3 SSLv3 only 4 TLSv1 only |
cipher= |
Colon separated list of supported ciphers |
options= |
Various SSL engine options. The most important being: NO_SSLv2 Disallow the use of SSLv2 NO_SSLv3 Disallow the use of SSLv3 NO_TLSv1 Disallow the use of TLSv1 SINGLE_DH_USE Always create a new key when using temporary/ephemeral DH key exchanges See src/ssl_support.cc or OpenSSL SSL_CTX_set_options documentation for a complete list of options. |
clientca= |
File containing the list of CAs to use when requesting a client certificate |
cafile= |
File containing additional CA certificates to use when verifying client certificates. If unset clientca will be used. |
capath= |
Directory containing additional CA certificates to use when verifying client certificates |
dhparams= |
File containing DH parameters for temporary/ephemeral DH key exchanges |
sslflags= |
Various flags modifying the use of SSL: DELAYED_AUTH - Don't request client certificates immediately, but wait until acl processing requires a certificate NO_DEFAULT_CA - Don't use the default CA list built in to OpenSSL. NO_SESSION_REUSE - Don't allow for session reuse. Each connection will result in a new SSL session. VERIFY_CRL - Verify CRL lists when accepting client certificates VERIFY_CRL_ALL - Verify CRL lists for all certificates in the client certificate chain |
sslcontext= |
SSL session ID context identifier. |
|
|