Return-Path: X-Original-To: apmail-couchdb-commits-archive@www.apache.org Delivered-To: apmail-couchdb-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 00CB61146F for ; Sat, 26 Apr 2014 19:30:16 +0000 (UTC) Received: (qmail 6981 invoked by uid 500); 26 Apr 2014 19:29:34 -0000 Delivered-To: apmail-couchdb-commits-archive@couchdb.apache.org Received: (qmail 5943 invoked by uid 500); 26 Apr 2014 19:28:57 -0000 Mailing-List: contact commits-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@couchdb.apache.org Delivered-To: mailing list commits@couchdb.apache.org Received: (qmail 5151 invoked by uid 99); 26 Apr 2014 19:28:38 -0000 Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org) (140.211.11.114) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 26 Apr 2014 19:28:38 +0000 Received: by tyr.zones.apache.org (Postfix, from userid 65534) id 22F4E952FB0; Sat, 26 Apr 2014 19:28:36 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: kxepal@apache.org To: commits@couchdb.apache.org Date: Sat, 26 Apr 2014 19:29:21 -0000 Message-Id: <5756a0b756714965906c3528258870bc@git.apache.org> In-Reply-To: References: X-Mailer: ASF-Git Admin Mailer Subject: [47/50] documentation commit: updated refs/heads/import-master to 0efce91 Support for user configurable SSL ciphers Project: http://git-wip-us.apache.org/repos/asf/couchdb-documentation/repo Commit: http://git-wip-us.apache.org/repos/asf/couchdb-documentation/commit/98949599 Tree: http://git-wip-us.apache.org/repos/asf/couchdb-documentation/tree/98949599 Diff: http://git-wip-us.apache.org/repos/asf/couchdb-documentation/diff/98949599 Branch: refs/heads/import-master Commit: 9894959972e9819bf8e28458abaca06ceeb56ba9 Parents: 3695591 Author: Terin Stock Authored: Sun Apr 20 11:40:25 2014 +0100 Committer: Robert Newson Committed: Sun Apr 20 12:07:10 2014 +0100 ---------------------------------------------------------------------- src/config/http.rst | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/couchdb-documentation/blob/98949599/src/config/http.rst ---------------------------------------------------------------------- diff --git a/src/config/http.rst b/src/config/http.rst index 1ae3abe..dfe8d5a 100644 --- a/src/config/http.rst +++ b/src/config/http.rst @@ -387,6 +387,30 @@ Secure Socket Level Options [ssl] verify_ssl_certificates = false + .. config:option:: secure_renegotiate :: Enable secure renegotiation + + Set to `true` to reject renegotiation attempt that does not live up to RFC 5746:: + + [ssl] + secure_renegotiate = true + + .. config:option:: ciphers :: Specify permitted server cipher list + + Set to the cipher suites that should be supported which can be + specified in erlang format "{ecdhe_ecdsa,aes_128_cbc,sha256}" or + in OpenSSL format "ECDHE-ECDSA-AES128-SHA256". + + [ssl] + ciphers = ["ECDHE-ECDSA-AES128-SHA256", "ECDHE-ECDSA-AES128-SHA"] + + .. config:option:: tls_versions :: Specify permitted server SSL/TLS + protocol versions + + Set to a list of permitted SSL/TLS protocol versions:: + + [ssl] + tls_versions = [sslv3 | tlsv1 | 'tlsv1.1' | 'tlsv1.2'] + .. _cors: .. _config/cors: