parent
18d933c256
commit
f0b3fd25ce
|
@ -5,7 +5,7 @@
|
|||
# For services that want to be on the bleeding edge, the parameters below
|
||||
# sacrifice compatibility for the highest level of security and performance.
|
||||
#
|
||||
# (!) TLSv1.3 and it's 0-RTT feature require NGINX >=1.15.4 and OpenSSL >=1.1.1
|
||||
# (!) TLSv1.3 and its 0-RTT feature require NGINX >=1.15.4 and OpenSSL >=1.1.1
|
||||
# to be installed.
|
||||
#
|
||||
# (!) Don't enable `ssl_early_data` blindly! Requests sent within early data are
|
||||
|
@ -23,7 +23,8 @@
|
|||
#
|
||||
# (!) Requests sent within early data are subject to replay attacks.
|
||||
# To protect against such attacks at the application layer, the
|
||||
# $ssl_early_data variable should be used:
|
||||
# `$ssl_early_data` variable should be used:
|
||||
#
|
||||
# proxy_set_header Early-Data $ssl_early_data;
|
||||
#
|
||||
# The application should return response code 425 "Too Early" for anything
|
||||
|
|
Loading…
Reference in New Issue