nghttpx: Update doc

Mention client-ciphers, and no-http2-cipher-black-list options in
psk-secrets and client-psk-secrets options.
This commit is contained in:
Tatsuhiro Tsujikawa 2017-01-08 23:04:07 +09:00
parent 95dd908834
commit ac399e41ac
1 changed files with 13 additions and 2 deletions

View File

@ -2120,14 +2120,25 @@ SSL/TLS:
in hex. An empty line, and line which starts with '#' in hex. An empty line, and line which starts with '#'
are skipped. The default enabled cipher list might not are skipped. The default enabled cipher list might not
contain any PSK cipher suite. In that case, desired PSK contain any PSK cipher suite. In that case, desired PSK
cipher suites must be enabled using --ciphers option. cipher suites must be enabled using --ciphers option.
The desired PSK cipher suite may be black listed by
HTTP/2. To use those cipher suites with HTTP/2,
consider to use --no-http2-cipher-black-list option.
But be aware its implications.
--client-psk-secrets=<PATH> --client-psk-secrets=<PATH>
Read PSK identity and secrets from <PATH>. This is used Read PSK identity and secrets from <PATH>. This is used
for backend connection. The each line of input file is for backend connection. The each line of input file is
formatted as <identity>:<hex-secret>, where <identity> formatted as <identity>:<hex-secret>, where <identity>
is PSK identity, and <hex-secret> is secret in hex. An is PSK identity, and <hex-secret> is secret in hex. An
empty line, and line which starts with '#' are skipped. empty line, and line which starts with '#' are skipped.
The first identity and secret pair encountered is used. The first identity and secret pair encountered is used.
The default enabled cipher list might not contain any
PSK cipher suite. In that case, desired PSK cipher
suites must be enabled using --client-ciphers option.
The desired PSK cipher suite may be black listed by
HTTP/2. To use those cipher suites with HTTP/2,
consider to use --client-no-http2-cipher-black-list
option. But be aware its implications.
HTTP/2 and SPDY: HTTP/2 and SPDY:
-c, --frontend-http2-max-concurrent-streams=<N> -c, --frontend-http2-max-concurrent-streams=<N>