nghttpx: Update doc
Mention client-ciphers, and no-http2-cipher-black-list options in psk-secrets and client-psk-secrets options.
This commit is contained in:
parent
95dd908834
commit
ac399e41ac
15
src/shrpx.cc
15
src/shrpx.cc
|
@ -2120,14 +2120,25 @@ SSL/TLS:
|
||||||
in hex. An empty line, and line which starts with '#'
|
in hex. An empty line, and line which starts with '#'
|
||||||
are skipped. The default enabled cipher list might not
|
are skipped. The default enabled cipher list might not
|
||||||
contain any PSK cipher suite. In that case, desired PSK
|
contain any PSK cipher suite. In that case, desired PSK
|
||||||
cipher suites must be enabled using --ciphers option.
|
cipher suites must be enabled using --ciphers option.
|
||||||
|
The desired PSK cipher suite may be black listed by
|
||||||
|
HTTP/2. To use those cipher suites with HTTP/2,
|
||||||
|
consider to use --no-http2-cipher-black-list option.
|
||||||
|
But be aware its implications.
|
||||||
--client-psk-secrets=<PATH>
|
--client-psk-secrets=<PATH>
|
||||||
Read PSK identity and secrets from <PATH>. This is used
|
Read PSK identity and secrets from <PATH>. This is used
|
||||||
for backend connection. The each line of input file is
|
for backend connection. The each line of input file is
|
||||||
formatted as <identity>:<hex-secret>, where <identity>
|
formatted as <identity>:<hex-secret>, where <identity>
|
||||||
is PSK identity, and <hex-secret> is secret in hex. An
|
is PSK identity, and <hex-secret> is secret in hex. An
|
||||||
empty line, and line which starts with '#' are skipped.
|
empty line, and line which starts with '#' are skipped.
|
||||||
The first identity and secret pair encountered is used.
|
The first identity and secret pair encountered is used.
|
||||||
|
The default enabled cipher list might not contain any
|
||||||
|
PSK cipher suite. In that case, desired PSK cipher
|
||||||
|
suites must be enabled using --client-ciphers option.
|
||||||
|
The desired PSK cipher suite may be black listed by
|
||||||
|
HTTP/2. To use those cipher suites with HTTP/2,
|
||||||
|
consider to use --client-no-http2-cipher-black-list
|
||||||
|
option. But be aware its implications.
|
||||||
|
|
||||||
HTTP/2 and SPDY:
|
HTTP/2 and SPDY:
|
||||||
-c, --frontend-http2-max-concurrent-streams=<N>
|
-c, --frontend-http2-max-concurrent-streams=<N>
|
||||||
|
|
Loading…
Reference in New Issue