on | off
Enables TLS 1.3\ncompression\nof server certificates.
\n\n\n\n" + "description_md": "Enables TLS 1.3\n[compression](https://datatracker.ietf.org/doc/html/rfc8879)\nof server certificates.\n> The directive is supported when using OpenSSL 3.2 or higher;\n> the list of supported compression algorithms is provided by the library.\n\n> The directive is supported when using BoringSSL;\n> the list of supported compression algorithms includes\n> `zlib` (1.29.3).", + "description_html": "The directive is supported when using OpenSSL 3.2 or higher;\nthe list of supported compression algorithms is provided by the library.
\n
Enables TLS 1.3\ncompression\nof server certificates.
\n\n\n\n" }, { "name": "ssl_certificate_key", @@ -9571,8 +9571,8 @@ "The directive is supported when using OpenSSL 3.2 or higher;\nthe list of supported compression algorithms is provided by the library.
\n\nThe directive is supported when using BoringSSL;\nthe list of supported compression algorithms includes\n
\nzlib(1.29.3).
on | off
Enables or disables TLS 1.3\nearly data.
\n\n\n\n\nRequests sent within early data are subject to\nreplay attacks.\nTo protect against such attacks at the application layer,\nthe $ssl_early_data variable\nshould be used.
\n
proxy_set_header Early-Data $ssl_early_data;\n\n\n" + "description_md": "Enables or disables TLS 1.3\n[early data](https://datatracker.ietf.org/doc/html/rfc8446#section-2.3).\n> The directive is supported when using OpenSSL 1.1.1 or higher (1.15.4) and\n> [BoringSSL](https://boringssl.googlesource.com/boringssl/).\n\n> Requests sent within early data are subject to\n> [replay attacks](https://datatracker.ietf.org/doc/html/rfc8470).\n> To protect against such attacks at the application layer,\n> the [$ssl_early_data](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#var_ssl_early_data) variable\n> should be used.\n\n```\nproxy_set_header Early-Data $ssl_early_data;\n```\n\n> OpenSSL built-in replay protection is disabled,\n> because it interferes with session resumption.\n> It can be turned back if deemed necessary.\n\n```\nssl_conf_command Options AntiReplay;\n```", + "description_html": "The directive is supported when using OpenSSL 1.1.1 or higher (1.15.4) and\nBoringSSL.
\n
Enables or disables TLS 1.3\nearly data.
\n\n\n\n\nThe directive is supported when using OpenSSL 1.1.1 or higher (1.15.4) and\nBoringSSL.
\n\nRequests sent within early data are subject to\nreplay attacks.\nTo protect against such attacks at the application layer,\nthe $ssl_early_data variable\nshould be used.
\n
proxy_set_header Early-Data $ssl_early_data;\n\n\n\nOpenSSL built-in replay protection is disabled,\nbecause it interferes with session resumption.\nIt can be turned back if deemed necessary.
\n
ssl_conf_command Options AntiReplay;\nreturns the\nsignature algorithm\nfor the client certificate for an established SSL connection (1.29.3).
\n" + "description_md": "returns the\n[signature algorithm](https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-16)\nfor the client certificate for an established SSL connection (1.29.3).\n> The variable is supported only when using OpenSSL version 3.5 or higher.\n> With older versions, the variable value will be an empty string.\n\n> The variable is available only for new sessions.", + "description_html": "returns the\nsignature algorithm\nfor the client certificate for an established SSL connection (1.29.3).
\n\n\n\n" }, { "name": "$ssl_client_v_end", @@ -10038,8 +10038,8 @@ }, { "name": "$ssl_sigalg", - "description_md": "returns the\n[signature algorithm](https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-16)\nfor the server certificate for an established SSL connection (1.29.3).", - "description_html": "The variable is supported only when using OpenSSL version 3.5 or higher.\nWith older versions, the variable value will be an empty string.
\n\nThe variable is available only for new sessions.
\n
returns the\nsignature algorithm\nfor the server certificate for an established SSL connection (1.29.3).
\n" + "description_md": "returns the\n[signature algorithm](https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-16)\nfor the server certificate for an established SSL connection (1.29.3).\n> The variable is supported only when using OpenSSL version 3.5 or higher.\n> With older versions, the variable value will be an empty string.\n\n> The variable is available only for new sessions.", + "description_html": "returns the\nsignature algorithm\nfor the server certificate for an established SSL connection (1.29.3).
\n\n\n\n" } ] }, @@ -13074,8 +13074,8 @@ "The variable is supported only when using OpenSSL version 3.5 or higher.\nWith older versions, the variable value will be an empty string.
\n\nThe variable is available only for new sessions.
\n
on | off
Enables TLS 1.3\ncompression\nof server certificates.
\n\n\n\n" + "description_md": "Enables TLS 1.3\n[compression](https://datatracker.ietf.org/doc/html/rfc8879)\nof server certificates.\n> The directive is supported when using OpenSSL 3.2 or higher;\n> the list of supported compression algorithms is provided by the library.\n\n> The directive is supported when using BoringSSL;\n> the list of supported compression algorithms includes\n> `zlib` (1.29.3).", + "description_html": "The directive is supported when using OpenSSL 3.2 or higher;\nthe list of supported compression algorithms is provided by the library.
\n
Enables TLS 1.3\ncompression\nof server certificates.
\n\n\n\n" }, { "name": "ssl_certificate_key", @@ -16255,8 +16255,8 @@ "The directive is supported when using OpenSSL 3.2 or higher;\nthe list of supported compression algorithms is provided by the library.
\n\nThe directive is supported when using BoringSSL;\nthe list of supported compression algorithms includes\n
\nzlib(1.29.3).
on | off
Enables TLS 1.3\ncompression\nof server certificates.
\n\n\n\n" + "description_md": "Enables TLS 1.3\n[compression](https://datatracker.ietf.org/doc/html/rfc8879)\nof server certificates.\n> The directive is supported when using OpenSSL 3.2 or higher;\n> the list of supported compression algorithms is provided by the library.\n\n> The directive is supported when using BoringSSL;\n> the list of supported compression algorithms includes\n> `zlib` (1.29.3).", + "description_html": "The directive is supported when using OpenSSL 3.2 or higher;\nthe list of supported compression algorithms is provided by the library.
\n
Enables TLS 1.3\ncompression\nof server certificates.
\n\n\n\n" }, { "name": "ssl_certificate_key", @@ -16766,8 +16766,8 @@ }, { "name": "$ssl_client_sigalg", - "description_md": "returns the\n[signature algorithm](https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-16)\nfor the client certificate for an established SSL connection (1.29.3).", - "description_html": "The directive is supported when using OpenSSL 3.2 or higher;\nthe list of supported compression algorithms is provided by the library.
\n\nThe directive is supported when using BoringSSL;\nthe list of supported compression algorithms includes\n
\nzlib(1.29.3).
returns the\nsignature algorithm\nfor the client certificate for an established SSL connection (1.29.3).
\n" + "description_md": "returns the\n[signature algorithm](https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-16)\nfor the client certificate for an established SSL connection (1.29.3).\n> The variable is supported only when using OpenSSL version 3.5 or higher.\n> With older versions, the variable value will be an empty string.\n\n> The variable is available only for new sessions.", + "description_html": "returns the\nsignature algorithm\nfor the client certificate for an established SSL connection (1.29.3).
\n\n\n\n" }, { "name": "$ssl_client_v_end", @@ -16821,8 +16821,8 @@ }, { "name": "$ssl_sigalg", - "description_md": "returns the\n[signature algorithm](https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-16)\nfor the server certificate for an established SSL connection (1.29.3).", - "description_html": "The variable is supported only when using OpenSSL version 3.5 or higher.\nWith older versions, the variable value will be an empty string.
\n\nThe variable is available only for new sessions.
\n
returns the\nsignature algorithm\nfor the server certificate for an established SSL connection (1.29.3).
\n" + "description_md": "returns the\n[signature algorithm](https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-16)\nfor the server certificate for an established SSL connection (1.29.3).\n> The variable is supported only when using OpenSSL version 3.5 or higher.\n> With older versions, the variable value will be an empty string.\n\n> The variable is available only for new sessions.", + "description_html": "returns the\nsignature algorithm\nfor the server certificate for an established SSL connection (1.29.3).
\n\n\n\n" } ] }, @@ -17481,5 +17481,5 @@ ] } ], - "version": "https://github.com/nginx/nginx.org/commit/ea784af4d7792b9117e29e257c2a325cc8265fe5" + "version": "https://github.com/nginx/nginx.org/commit/4ff366a9d4834c8e3a5c349318625236d39090c1" }The variable is supported only when using OpenSSL version 3.5 or higher.\nWith older versions, the variable value will be an empty string.
\n\nThe variable is available only for new sessions.
\n