diff --git a/doc/h2load.1 b/doc/h2load.1 index 33185bdf..eb745dd0 100644 --- a/doc/h2load.1 +++ b/doc/h2load.1 @@ -1,8 +1,5 @@ .\" Man page generated from reStructuredText. . -.TH "H2LOAD" "1" "Feb 23, 2022" "1.47.0" "nghttp2" -.SH NAME -h2load \- HTTP/2 benchmarking tool . .nr rst2man-indent-level 0 . @@ -30,6 +27,9 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. +.TH "H2LOAD" "1" "Jun 23, 2022" "1.48.0" "nghttp2" +.SH NAME +h2load \- HTTP/2 benchmarking tool .SH SYNOPSIS .sp \fBh2load\fP [OPTIONS]... [URI]... @@ -132,7 +132,7 @@ Add/Override a header to the requests. Set allowed cipher list for TLSv1.2 or earlier. The format of the string is described in OpenSSL ciphers(1). .sp -Default: \fBECDHE\-ECDSA\-AES256\-GCM\-SHA384:ECDHE\-RSA\-AES256\-GCM\-SHA384:ECDHE\-ECDSA\-CHACHA20\-POLY1305:ECDHE\-RSA\-CHACHA20\-POLY1305:ECDHE\-ECDSA\-AES128\-GCM\-SHA256:ECDHE\-RSA\-AES128\-GCM\-SHA256:ECDHE\-ECDSA\-AES256\-SHA384:ECDHE\-RSA\-AES256\-SHA384:ECDHE\-ECDSA\-AES128\-SHA256:ECDHE\-RSA\-AES128\-SHA256\fP +Default: \fBECDHE\-ECDSA\-AES128\-GCM\-SHA256:ECDHE\-RSA\-AES128\-GCM\-SHA256:ECDHE\-ECDSA\-AES256\-GCM\-SHA384:ECDHE\-RSA\-AES256\-GCM\-SHA384:ECDHE\-ECDSA\-CHACHA20\-POLY1305:ECDHE\-RSA\-CHACHA20\-POLY1305:DHE\-RSA\-AES128\-GCM\-SHA256:DHE\-RSA\-AES256\-GCM\-SHA384\fP .UNINDENT .INDENT 0.0 .TP @@ -340,6 +340,11 @@ Specify the maximum outgoing UDP datagram payload size. .UNINDENT .INDENT 0.0 .TP +.B \-\-ktls +Enable ktls. +.UNINDENT +.INDENT 0.0 +.TP .B \-v, \-\-verbose Output debug information. .UNINDENT diff --git a/doc/h2load.1.rst b/doc/h2load.1.rst index ff847383..0f65849d 100644 --- a/doc/h2load.1.rst +++ b/doc/h2load.1.rst @@ -103,7 +103,7 @@ OPTIONS Set allowed cipher list for TLSv1.2 or earlier. The format of the string is described in OpenSSL ciphers(1). - Default: ``ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256`` + Default: ``ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384`` .. option:: --tls13-ciphers= @@ -287,6 +287,10 @@ OPTIONS Specify the maximum outgoing UDP datagram payload size. +.. option:: --ktls + + Enable ktls. + .. option:: -v, --verbose Output debug information. diff --git a/doc/nghttp.1 b/doc/nghttp.1 index b96b3a1b..c98318b3 100644 --- a/doc/nghttp.1 +++ b/doc/nghttp.1 @@ -1,8 +1,5 @@ .\" Man page generated from reStructuredText. . -.TH "NGHTTP" "1" "Feb 23, 2022" "1.47.0" "nghttp2" -.SH NAME -nghttp \- HTTP/2 client . .nr rst2man-indent-level 0 . @@ -30,6 +27,9 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. +.TH "NGHTTP" "1" "Jun 23, 2022" "1.48.0" "nghttp2" +.SH NAME +nghttp \- HTTP/2 client .SH SYNOPSIS .sp \fBnghttp\fP [OPTIONS]... ... @@ -242,6 +242,16 @@ failure. .UNINDENT .INDENT 0.0 .TP +.B \-\-ktls +Enable ktls. +.UNINDENT +.INDENT 0.0 +.TP +.B \-\-no\-rfc7540\-pri +Disable RFC7540 priorities. +.UNINDENT +.INDENT 0.0 +.TP .B \-\-version Display version information and exit. .UNINDENT diff --git a/doc/nghttp.1.rst b/doc/nghttp.1.rst index ae4ce03a..e10f3ee8 100644 --- a/doc/nghttp.1.rst +++ b/doc/nghttp.1.rst @@ -191,6 +191,14 @@ OPTIONS Suppress warning on server certificate verification failure. +.. option:: --ktls + + Enable ktls. + +.. option:: --no-rfc7540-pri + + Disable RFC7540 priorities. + .. option:: --version Display version information and exit. diff --git a/doc/nghttpd.1 b/doc/nghttpd.1 index 1fdddaa4..15c1a18c 100644 --- a/doc/nghttpd.1 +++ b/doc/nghttpd.1 @@ -1,8 +1,5 @@ .\" Man page generated from reStructuredText. . -.TH "NGHTTPD" "1" "Feb 23, 2022" "1.47.0" "nghttp2" -.SH NAME -nghttpd \- HTTP/2 server . .nr rst2man-indent-level 0 . @@ -30,6 +27,9 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. +.TH "NGHTTPD" "1" "Jun 23, 2022" "1.48.0" "nghttp2" +.SH NAME +nghttpd \- HTTP/2 server .SH SYNOPSIS .sp \fBnghttpd\fP [OPTION]... [ ] @@ -204,6 +204,16 @@ Don\(aqt send content\-length header field. .UNINDENT .INDENT 0.0 .TP +.B \-\-ktls +Enable ktls. +.UNINDENT +.INDENT 0.0 +.TP +.B \-\-no\-rfc7540\-pri +Disable RFC7540 priorities. +.UNINDENT +.INDENT 0.0 +.TP .B \-\-version Display version information and exit. .UNINDENT diff --git a/doc/nghttpd.1.rst b/doc/nghttpd.1.rst index 314b109f..654a0253 100644 --- a/doc/nghttpd.1.rst +++ b/doc/nghttpd.1.rst @@ -159,6 +159,14 @@ OPTIONS Don't send content-length header field. +.. option:: --ktls + + Enable ktls. + +.. option:: --no-rfc7540-pri + + Disable RFC7540 priorities. + .. option:: --version Display version information and exit. diff --git a/doc/nghttpx.1 b/doc/nghttpx.1 index 077708f0..dc0243f9 100644 --- a/doc/nghttpx.1 +++ b/doc/nghttpx.1 @@ -1,8 +1,5 @@ .\" Man page generated from reStructuredText. . -.TH "NGHTTPX" "1" "Feb 23, 2022" "1.47.0" "nghttp2" -.SH NAME -nghttpx \- HTTP/2 proxy . .nr rst2man-indent-level 0 . @@ -30,6 +27,9 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. +.TH "NGHTTPX" "1" "Jun 23, 2022" "1.48.0" "nghttp2" +.SH NAME +nghttpx \- HTTP/2 proxy .SH SYNOPSIS .sp \fBnghttpx\fP [OPTIONS]... [ ] @@ -209,7 +209,18 @@ the Secure attribute is determined by a request scheme. If a request scheme is "https", then Secure attribute is set. Otherwise, it is not set. If is "yes", the Secure attribute is always set. If is -"no", the Secure attribute is always omitted. +"no", the Secure attribute is always omitted. +"affinity\-cookie\-stickiness=" controls +stickiness of this affinity. If is +"loose", removing or adding a backend server might break +the affinity and the request might be forwarded to a +different backend server. If is "strict", +removing the designated backend server breaks affinity, +but adding new backend server does not cause breakage. +If the designated backend server becomes unavailable, +new backend server is chosen as if the request does not +have an affinity cookie. defaults to +"loose". .sp By default, name resolution of backend host name is done at start up, or reloading configuration. If "dns" @@ -672,7 +683,7 @@ format of the string is described in OpenSSL ciphers(1). This option sets cipher suites for TLSv1.2 or earlier. Use \fI\%\-\-tls13\-ciphers\fP for TLSv1.3. .sp -Default: \fBECDHE\-ECDSA\-AES256\-GCM\-SHA384:ECDHE\-RSA\-AES256\-GCM\-SHA384:ECDHE\-ECDSA\-CHACHA20\-POLY1305:ECDHE\-RSA\-CHACHA20\-POLY1305:ECDHE\-ECDSA\-AES128\-GCM\-SHA256:ECDHE\-RSA\-AES128\-GCM\-SHA256:ECDHE\-ECDSA\-AES256\-SHA384:ECDHE\-RSA\-AES256\-SHA384:ECDHE\-ECDSA\-AES128\-SHA256:ECDHE\-RSA\-AES128\-SHA256\fP +Default: \fBECDHE\-ECDSA\-AES128\-GCM\-SHA256:ECDHE\-RSA\-AES128\-GCM\-SHA256:ECDHE\-ECDSA\-AES256\-GCM\-SHA384:ECDHE\-RSA\-AES256\-GCM\-SHA384:ECDHE\-ECDSA\-CHACHA20\-POLY1305:ECDHE\-RSA\-CHACHA20\-POLY1305:DHE\-RSA\-AES128\-GCM\-SHA256:DHE\-RSA\-AES256\-GCM\-SHA384\fP .UNINDENT .INDENT 0.0 .TP @@ -682,7 +693,7 @@ format of the string is described in OpenSSL ciphers(1). This option sets cipher suites for TLSv1.3. Use \fI\%\-\-ciphers\fP for TLSv1.2 or earlier. .sp -Default: \fBTLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256\fP +Default: \fBTLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256\fP .UNINDENT .INDENT 0.0 .TP @@ -692,7 +703,7 @@ format of the string is described in OpenSSL ciphers(1). This option sets cipher suites for TLSv1.2 or earlier. Use \fI\%\-\-tls13\-client\-ciphers\fP for TLSv1.3. .sp -Default: \fBECDHE\-ECDSA\-AES256\-GCM\-SHA384:ECDHE\-RSA\-AES256\-GCM\-SHA384:ECDHE\-ECDSA\-CHACHA20\-POLY1305:ECDHE\-RSA\-CHACHA20\-POLY1305:ECDHE\-ECDSA\-AES128\-GCM\-SHA256:ECDHE\-RSA\-AES128\-GCM\-SHA256:ECDHE\-ECDSA\-AES256\-SHA384:ECDHE\-RSA\-AES256\-SHA384:ECDHE\-ECDSA\-AES128\-SHA256:ECDHE\-RSA\-AES128\-SHA256\fP +Default: \fBECDHE\-ECDSA\-AES128\-GCM\-SHA256:ECDHE\-RSA\-AES128\-GCM\-SHA256:ECDHE\-ECDSA\-AES256\-GCM\-SHA384:ECDHE\-RSA\-AES256\-GCM\-SHA384:ECDHE\-ECDSA\-CHACHA20\-POLY1305:ECDHE\-RSA\-CHACHA20\-POLY1305:DHE\-RSA\-AES128\-GCM\-SHA256:DHE\-RSA\-AES256\-GCM\-SHA384\fP .UNINDENT .INDENT 0.0 .TP @@ -702,7 +713,7 @@ format of the string is described in OpenSSL ciphers(1). This option sets cipher suites for TLSv1.3. Use \fI\%\-\-tls13\-client\-ciphers\fP for TLSv1.2 or earlier. .sp -Default: \fBTLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256\fP +Default: \fBTLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256\fP .UNINDENT .INDENT 0.0 .TP @@ -1114,6 +1125,12 @@ accepts. .sp Default: \fB16K\fP .UNINDENT +.INDENT 0.0 +.TP +.B \-\-tls\-ktls +Enable ktls. For server, ktls is enable if +\fI\%\-\-tls\-session\-cache\-memcached\fP is not configured. +.UNINDENT .SS HTTP/2 .INDENT 0.0 .TP diff --git a/doc/nghttpx.1.rst b/doc/nghttpx.1.rst index fe77fc6a..9bb2b5e9 100644 --- a/doc/nghttpx.1.rst +++ b/doc/nghttpx.1.rst @@ -193,7 +193,18 @@ Connections If a request scheme is "https", then Secure attribute is set. Otherwise, it is not set. If is "yes", the Secure attribute is always set. If is - "no", the Secure attribute is always omitted. + "no", the Secure attribute is always omitted. + "affinity-cookie-stickiness=" controls + stickiness of this affinity. If is + "loose", removing or adding a backend server might break + the affinity and the request might be forwarded to a + different backend server. If is "strict", + removing the designated backend server breaks affinity, + but adding new backend server does not cause breakage. + If the designated backend server becomes unavailable, + new backend server is chosen as if the request does not + have an affinity cookie. defaults to + "loose". By default, name resolution of backend host name is done at start up, or reloading configuration. If "dns" @@ -628,7 +639,7 @@ SSL/TLS This option sets cipher suites for TLSv1.2 or earlier. Use :option:`--tls13-ciphers` for TLSv1.3. - Default: ``ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256`` + Default: ``ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384`` .. option:: --tls13-ciphers= @@ -637,7 +648,7 @@ SSL/TLS This option sets cipher suites for TLSv1.3. Use :option:`--ciphers` for TLSv1.2 or earlier. - Default: ``TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256`` + Default: ``TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256`` .. option:: --client-ciphers= @@ -646,7 +657,7 @@ SSL/TLS This option sets cipher suites for TLSv1.2 or earlier. Use :option:`--tls13-client-ciphers` for TLSv1.3. - Default: ``ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256`` + Default: ``ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384`` .. option:: --tls13-client-ciphers= @@ -655,7 +666,7 @@ SSL/TLS This option sets cipher suites for TLSv1.3. Use :option:`--tls13-client-ciphers` for TLSv1.2 or earlier. - Default: ``TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256`` + Default: ``TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256`` .. option:: --ecdh-curves= @@ -1026,6 +1037,11 @@ SSL/TLS Default: ``16K`` +.. option:: --tls-ktls + + Enable ktls. For server, ktls is enable if + :option:`--tls-session-cache-memcached` is not configured. + HTTP/2 ~~~~~~