couchdb-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rnew...@apache.org
Subject [34/50] documentation commit: updated refs/heads/import-master to fe7f7bf
Date Thu, 10 Jul 2014 09:47:33 GMT
Support for user configurable SSL ciphers


Project: http://git-wip-us.apache.org/repos/asf/couchdb-documentation/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-documentation/commit/f5e1140f
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-documentation/tree/f5e1140f
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-documentation/diff/f5e1140f

Branch: refs/heads/import-master
Commit: f5e1140f6026bbe44c270ca2c11354ceaf2c0066
Parents: 2f5f7dc
Author: Terin Stock <terinjokes@gmail.com>
Authored: Sun Apr 20 11:40:25 2014 +0100
Committer: Robert Newson <rnewson@apache.org>
Committed: Sun Apr 20 12:07:10 2014 +0100

----------------------------------------------------------------------
 src/config/http.rst | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb-documentation/blob/f5e1140f/src/config/http.rst
----------------------------------------------------------------------
diff --git a/src/config/http.rst b/src/config/http.rst
index 1ae3abe..dfe8d5a 100644
--- a/src/config/http.rst
+++ b/src/config/http.rst
@@ -387,6 +387,30 @@ Secure Socket Level Options
       [ssl]
       verify_ssl_certificates = false
 
+  .. config:option:: secure_renegotiate :: Enable secure renegotiation
+
+    Set to `true` to reject renegotiation attempt that does not live up to RFC 5746::
+
+      [ssl]
+      secure_renegotiate = true
+
+  .. config:option:: ciphers :: Specify permitted server cipher list
+
+    Set to the cipher suites that should be supported which can be
+    specified in erlang format "{ecdhe_ecdsa,aes_128_cbc,sha256}" or
+    in OpenSSL format "ECDHE-ECDSA-AES128-SHA256".
+
+      [ssl]
+      ciphers = ["ECDHE-ECDSA-AES128-SHA256", "ECDHE-ECDSA-AES128-SHA"]
+
+  .. config:option:: tls_versions :: Specify permitted server SSL/TLS
+                     protocol versions
+
+    Set to a list of permitted SSL/TLS protocol versions::
+
+      [ssl]
+      tls_versions = [sslv3 | tlsv1 | 'tlsv1.1' | 'tlsv1.2']
+
 
 .. _cors:
 .. _config/cors:


Mime
View raw message