Appendix A[ 257 ]Directive Explanation Context/Default
ssl_stapling_verify Enables verification of OCSP
responses.Valid contexts: http,
server
Default value: -ssltrusted
certificate
The path to a file containing PEM-
formatted SSL certificates of the
CA's signing client certificates
and OCSP responses when ssl_
stapling is enabled.Valid contexts: http,
server
Default value: -ssl_verifyclient Enables verification of SSL client
certificates. If the optional
parameter is specified, a client
certificate will be requested and if
present, verified. If the optional
no_ca parameter is specified, a
client certificate is requested, but
doesn't require it to be signed by a
trusted CA certificate.
Valid contexts: http,
server
Default value: offssl_verify_depth Sets how many signers will be
checked before declaring the
certificate invalid.
Valid contexts: http,
server
Default value: 1starttls Indicates whether or not STLS/
STARTTLS are supported
and/or required for further
communication with this server.Valid contexts: mail,
server
Default value: offsub_filter Sets the string to be matched
without regards to case and the
string to be substituted into that
match. The substitution string may
contain variables.Valid contexts: http,
server, location
Default value: -sub_filter_once Setting to off will cause the match
in sub_filter to be made as
many times as the string is found.
Valid contexts: http,
server, location
Default value: onsub_filter_types Lists the MIME types of a response
in addition to text/html in which
a substitution will be made. It may
be * to enable all MIME types.
Valid contexts: http,
server, location
Default value: text/
htmltcpnodelay Enables or disables the TCP
NODELAY option for the keep-
alive connections.Valid contexts: http,
server, location
Default value: on