You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by rn...@apache.org on 2014/07/10 11:47:33 UTC
[34/50] documentation commit: updated refs/heads/import-master to
fe7f7bf
Support for user configurable SSL ciphers
Project: http://git-wip-us.apache.org/repos/asf/couchdb-documentation/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-documentation/commit/f5e1140f
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-documentation/tree/f5e1140f
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-documentation/diff/f5e1140f
Branch: refs/heads/import-master
Commit: f5e1140f6026bbe44c270ca2c11354ceaf2c0066
Parents: 2f5f7dc
Author: Terin Stock <te...@gmail.com>
Authored: Sun Apr 20 11:40:25 2014 +0100
Committer: Robert Newson <rn...@apache.org>
Committed: Sun Apr 20 12:07:10 2014 +0100
----------------------------------------------------------------------
src/config/http.rst | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb-documentation/blob/f5e1140f/src/config/http.rst
----------------------------------------------------------------------
diff --git a/src/config/http.rst b/src/config/http.rst
index 1ae3abe..dfe8d5a 100644
--- a/src/config/http.rst
+++ b/src/config/http.rst
@@ -387,6 +387,30 @@ Secure Socket Level Options
[ssl]
verify_ssl_certificates = false
+ .. config:option:: secure_renegotiate :: Enable secure renegotiation
+
+ Set to `true` to reject renegotiation attempt that does not live up to RFC 5746::
+
+ [ssl]
+ secure_renegotiate = true
+
+ .. config:option:: ciphers :: Specify permitted server cipher list
+
+ Set to the cipher suites that should be supported which can be
+ specified in erlang format "{ecdhe_ecdsa,aes_128_cbc,sha256}" or
+ in OpenSSL format "ECDHE-ECDSA-AES128-SHA256".
+
+ [ssl]
+ ciphers = ["ECDHE-ECDSA-AES128-SHA256", "ECDHE-ECDSA-AES128-SHA"]
+
+ .. config:option:: tls_versions :: Specify permitted server SSL/TLS
+ protocol versions
+
+ Set to a list of permitted SSL/TLS protocol versions::
+
+ [ssl]
+ tls_versions = [sslv3 | tlsv1 | 'tlsv1.1' | 'tlsv1.2']
+
.. _cors:
.. _config/cors: