parent
18d933c256
commit
f0b3fd25ce
|
@ -5,7 +5,7 @@
|
||||||
# For services that want to be on the bleeding edge, the parameters below
|
# For services that want to be on the bleeding edge, the parameters below
|
||||||
# sacrifice compatibility for the highest level of security and performance.
|
# sacrifice compatibility for the highest level of security and performance.
|
||||||
#
|
#
|
||||||
# (!) TLSv1.3 and it's 0-RTT feature require NGINX >=1.15.4 and OpenSSL >=1.1.1
|
# (!) TLSv1.3 and its 0-RTT feature require NGINX >=1.15.4 and OpenSSL >=1.1.1
|
||||||
# to be installed.
|
# to be installed.
|
||||||
#
|
#
|
||||||
# (!) Don't enable `ssl_early_data` blindly! Requests sent within early data are
|
# (!) Don't enable `ssl_early_data` blindly! Requests sent within early data are
|
||||||
|
@ -23,7 +23,8 @@
|
||||||
#
|
#
|
||||||
# (!) Requests sent within early data are subject to replay attacks.
|
# (!) Requests sent within early data are subject to replay attacks.
|
||||||
# To protect against such attacks at the application layer, the
|
# To protect against such attacks at the application layer, the
|
||||||
# $ssl_early_data variable should be used:
|
# `$ssl_early_data` variable should be used:
|
||||||
|
#
|
||||||
# proxy_set_header Early-Data $ssl_early_data;
|
# proxy_set_header Early-Data $ssl_early_data;
|
||||||
#
|
#
|
||||||
# The application should return response code 425 "Too Early" for anything
|
# The application should return response code 425 "Too Early" for anything
|
||||||
|
|
Loading…
Reference in New Issue