Documented new TLS/SSL settings.

This commit is contained in:
Dmitry Kuzmenko 2016-11-21 17:19:50 +03:00
parent e42898f2e3
commit 6857b9b8b1
2 changed files with 52 additions and 0 deletions

View File

@ -1036,6 +1036,32 @@ Do not disable this unless it is absolutely clear what this does.
rotate_aes_key: True
.. conf_master:: ssl
``ssl``
-------
.. versionadded:: 2016.11.0
Default: ``None``
TLS/SSL connection options. This could be set to a dictionary containing
arguments corresponding to python ``ssl.wrap_socket`` method. For details see
`Tornado <http://www.tornadoweb.org/en/stable/tcpserver.html#tornado.tcpserver.TCPServer>`_
and `Python <http://docs.python.org/2/library/ssl.html#ssl.wrap_socket>`_
documentation.
Note: to set enum arguments values like ``cert_reqs`` and ``ssl_version`` use
constant names without ssl module prefix: ``CERT_REQUIRED`` or ``PROTOCOL_SSLv23``.
.. code-block:: yaml
ssl:
keyfile: <path_to_keyfile>
certfile: <path_to_certfile>
ssl_version: PROTOCOL_TLSv1_2
Master Module Management
========================

View File

@ -1767,6 +1767,32 @@ blocked. If `cmd_whitelist_glob` is NOT SET, then all shell commands are permitt
- 'cat /etc/fstab'
.. conf_master:: ssl
``ssl``
-------
.. versionadded:: 2016.11.0
Default: ``None``
TLS/SSL connection options. This could be set to a dictionary containing
arguments corresponding to python ``ssl.wrap_socket`` method. For details see
`Tornado <http://www.tornadoweb.org/en/stable/tcpserver.html#tornado.tcpserver.TCPServer>`_
and `Python <http://docs.python.org/2/library/ssl.html#ssl.wrap_socket>`_
documentation.
Note: to set enum arguments values like ``cert_reqs`` and ``ssl_version`` use
constant names without ssl module prefix: ``CERT_REQUIRED`` or ``PROTOCOL_SSLv23``.
.. code-block:: yaml
ssl:
keyfile: <path_to_keyfile>
certfile: <path_to_certfile>
ssl_version: PROTOCOL_TLSv1_2
Thread Settings
===============