You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@couchdb.apache.org by rn...@apache.org on 2014/07/10 11:47:33 UTC

[34/50] documentation commit: updated refs/heads/import-master to fe7f7bf

Support for user configurable SSL ciphers


Project: http://git-wip-us.apache.org/repos/asf/couchdb-documentation/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-documentation/commit/f5e1140f
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-documentation/tree/f5e1140f
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-documentation/diff/f5e1140f

Branch: refs/heads/import-master
Commit: f5e1140f6026bbe44c270ca2c11354ceaf2c0066
Parents: 2f5f7dc
Author: Terin Stock <te...@gmail.com>
Authored: Sun Apr 20 11:40:25 2014 +0100
Committer: Robert Newson <rn...@apache.org>
Committed: Sun Apr 20 12:07:10 2014 +0100

----------------------------------------------------------------------
 src/config/http.rst | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb-documentation/blob/f5e1140f/src/config/http.rst
----------------------------------------------------------------------
diff --git a/src/config/http.rst b/src/config/http.rst
index 1ae3abe..dfe8d5a 100644
--- a/src/config/http.rst
+++ b/src/config/http.rst
@@ -387,6 +387,30 @@ Secure Socket Level Options
       [ssl]
       verify_ssl_certificates = false
 
+  .. config:option:: secure_renegotiate :: Enable secure renegotiation
+
+    Set to `true` to reject renegotiation attempt that does not live up to RFC 5746::
+
+      [ssl]
+      secure_renegotiate = true
+
+  .. config:option:: ciphers :: Specify permitted server cipher list
+
+    Set to the cipher suites that should be supported which can be
+    specified in erlang format "{ecdhe_ecdsa,aes_128_cbc,sha256}" or
+    in OpenSSL format "ECDHE-ECDSA-AES128-SHA256".
+
+      [ssl]
+      ciphers = ["ECDHE-ECDSA-AES128-SHA256", "ECDHE-ECDSA-AES128-SHA"]
+
+  .. config:option:: tls_versions :: Specify permitted server SSL/TLS
+                     protocol versions
+
+    Set to a list of permitted SSL/TLS protocol versions::
+
+      [ssl]
+      tls_versions = [sslv3 | tlsv1 | 'tlsv1.1' | 'tlsv1.2']
+
 
 .. _cors:
 .. _config/cors: