### MailSSL This module ensures SSL/TLS support for POP3/IMAP/SMTP. Configuration is practically identical to the configuration of the HTTP SSL module, but checking client certificates is not supported. 這個模塊使得POP3／IMAP／SMTP可以使用SSL／TLS.配置已經定義了HTTP SSL模塊，但是不支持客戶端證書檢測。 #### ssl **syntax:***ssl****on | off*** **default:***ssl off* **context:***mail, server* Enables SSL/TLS for this virtual server. 在虛擬服務器中啟用SSL／TLS ### ssl_certificate **syntax:***ssl_certificate****file*** **default:***cert.pem* **context:***mail, server* Indicates file with the certificate in PEM format for this virtual server. The same file can contain other certificates, and also secret key in PEM format. 顯示虛擬服務器上的PEM格式的證書文件。同一文件可以包含其他的證書和包含PEM格式的安全碼。 ### ssl_certificate_key **syntax:***ssl_certificate_key****file*** **default:***cert.pem* **context:***mail, server* Indicates file with the secret key in PEM format for this virtual server. 顯示虛擬服務器中PEM格式的安全碼文件 ### ssl_ciphers **syntax:***ssl_ciphers file****ciphers*** **default:***ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP* **context:***mail, server* Directive describes the permitted ciphers. Ciphers are assigned in the formats supported by OpenSSL. 指令描述了容許的SSL chiphers.chiphers都被使用了OpenSSL支持的格式. ### ssl_prefer_server_ciphers **syntax:***ssl_prefer_server_ciphers****on | off*** **default:***off* **context:***mail, server* Requires protocols SSLv3 and TLSv1 server ciphers be preferred over the client's ciphers. 需要SSLv3協議,TLSv1 服務器端米阿么優先于客戶端密碼 ### ssl_protocols **syntax:***ssl_protocols****[SSLv2] [SSLv3] [TLSv1]*** **default:***SSLv2 SSLv3 TLSv1* **context:***mail, server* Directive enables the protocols indicated. 指令顯示協議 ### ssl_session_cache **syntax:***ssl_session_cache****[builtin[:size [shared:name:size]*** **default:***builtin:20480* **context:***mail, server* The directive sets the types and sizes of caches to store the SSL sessions. 指令設置了類型和存儲SSL 會話的緩存的大小. The cache types are: 緩存類型為： - builtin -- the OpenSSL builtin cache, is used inside one worker process only. The cache size is assigned in the number of the sessions. builtin -- OpenSSL內部緩存,這個只在內部工作進程中被使用.這個緩存大小等同于會話的個數。 - shared -- the cache is shared between all worker processes. The size of cache is assigned in the bytes, 1 MB cache can contain about 4000 sessions. Each shared cache must have arbitrary name. Cache with the same name can be used in several virtual servers. shared -- 這個緩存被所有工作進程共享.這個緩存大小用字節標識,1M緩存可以包含大約4000個會話。每個共享緩存都有專有的名稱。相同名稱的緩存可以被多個服務器使用。 It is possible to use both types of cache simultaneously, for example: 可能同時使用2中類型的緩存，例如 ~~~ ssl_session_cache builtin:1000 shared:SSL:10m; ~~~ However, the only shared cache usage without that builtin should be more effective. 然而，共享緩存只有在內部緩存之外使用才能產生更好的效果。 ### ssl_session_timeout **syntax:***ssl_session_timeout****time*** **default:***5m* **context:***mail, server* Assigns the time during which the client can repeatedly use the parameters of the session, which is stored in the cache. 在使用中客戶端重復使用的會話參數被存儲在緩存中。 ### starttls **syntax:***starttls **on | off | only*** **default:***off* **context:***mail, server* - on - permit the use of commands STLS for POP3 and STARTTLS for IMAP/SMTP on - 容許在POP3中的STLS命令和IMAP／SMPT中的STARTTLS命令 - off - do not allow command STLS/STARTTLS 不容許 STLS／STARTTLS命令 - only - announce STLS/STARTTLS support and require that clients use TLS encryption only - 宣布支持 STLS／STARTTLS但是需要客戶端使用TLS加密