forked from kyprizel/nginx_ssl_tack
-
Notifications
You must be signed in to change notification settings - Fork 1
/
README
58 lines (37 loc) · 1.32 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
DESCRIPTION
This patch enables the NGINX SSL module to respond with a TACK TLS Extension. More info on TACK: http://tack.io
DIRECTIVES
ssl_tack
on - Enable TLS extension
off - Disable TLS extension
ssl_tack_file
Sets TACK file path, if not set - extension will not be used.
ssl_tack_activation_flags
0,1,2,3 - http://tack.io/draft.html#anchor9
INSTALLATION
Grab the nginx source code from nginx.org (<http://nginx.org/>).
Patch and compile it with openssl_tack.
wget 'http://nginx.org/download/nginx-VERSION.tar.gz'
tar -xzvf nginx-VERSION.tar.gz
patch -p0 < ngx_http_ssl_module-VERSION.patch
./configure --with-debug --with-openssl=/path/to/openssl_tack --with-http_ssl_module
make
make install
EXAMPLE CONFIGURATION
server {
listen 443;
server_name localhost;
ssl on;
ssl_certificate ssl/testhost.crt;
ssl_certificate_key ssl/testhost.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
ssl_tack on;
ssl_tack_file ssl/tack.sig;
ssl_tack_activation_flags 1;
location / {
root html;
}
}