View | Details | Raw Unified | Return to bug 3727

(-)unbound-1.7.0rc2/doc/example.conf.in (-3 / +3 lines)
 Lines 660-673   server: Link Here 
660
	# add a netblock specific override to a localzone, with zone type
660
	# add a netblock specific override to a localzone, with zone type
661
	# local-zone-override: "example.com" 192.0.2.0/24 refuse
661
	# local-zone-override: "example.com" 192.0.2.0/24 refuse
662
662
663
	# service clients over SSL (on the TCP sockets), with plain DNS inside
663
	# service clients over TLS (on the TCP sockets), with plain DNS inside
664
	# the SSL stream.  Give the certificate to use and private key.
664
	# the TLS stream.  Give the certificate to use and private key.
665
	# default is "" (disabled).  requires restart to take effect.
665
	# default is "" (disabled).  requires restart to take effect.
666
	# tls-service-key: "path/to/privatekeyfile.key"
666
	# tls-service-key: "path/to/privatekeyfile.key"
667
	# tls-service-pem: "path/to/publiccertfile.pem"
667
	# tls-service-pem: "path/to/publiccertfile.pem"
668
	# tls-port: 853
668
	# tls-port: 853
669
669
670
	# request upstream over SSL (with plain DNS inside the SSL stream).
670
	# request upstream over TLS (with plain DNS inside the TLS stream).
671
	# Default is no.  Can be turned on and off with unbound-control.
671
	# Default is no.  Can be turned on and off with unbound-control.
672
	# tls-upstream: no
672
	# tls-upstream: no
673
673
(-)unbound-1.7.0rc2/doc/unbound.conf.5.in (-8 / +8 lines)
 Lines 399-406   change anything. Useful for TLS service Link Here 
399
but use udp to fetch data upstream.
399
but use udp to fetch data upstream.
400
.TP
400
.TP
401
.B tls\-upstream: \fI<yes or no>
401
.B tls\-upstream: \fI<yes or no>
402
Enabled or disable whether the upstream queries use SSL only for transport.
402
Enabled or disable whether the upstream queries use TLS only for transport.
403
Default is no.  Useful in tunneling scenarios.  The SSL contains plain DNS in
403
Default is no.  Useful in tunneling scenarios.  The TLS contains plain DNS in
404
TCP wireformat.  The other server must support this (see
404
TCP wireformat.  The other server must support this (see
405
\fBtls\-service\-key\fR).
405
\fBtls\-service\-key\fR).
406
.TP
406
.TP
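Review bot: At line 402 the sentence still opens with "Enabled or disable"; since the patch rewrites this line anyway, change it to "Enable or disable". At 403 the word-for-word substitution leaves "The TLS contains plain DNS in TCP wireformat", which reads oddly. "The TLS stream contains plain DNS" would match the wording this patch uses in example.conf.in.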
 Lines 409-415   Alternate syntax for \fBtls\-upstream\fR Link Here 
409
file the last is used.
409
file the last is used.
410
.TP
410
.TP
411
.B tls\-service\-key: \fI<file>
411
.B tls\-service\-key: \fI<file>
412
If enabled, the server provider SSL service on its TCP sockets.  The clients
412
If enabled, the server provider TLS service on its TCP sockets.  The clients
413
have to use tls\-upstream: yes.  The file is the private key for the TLS
413
have to use tls\-upstream: yes.  The file is the private key for the TLS
414
session.  The public certificate is in the tls\-service\-pem file.  Default
414
session.  The public certificate is in the tls\-service\-pem file.  Default
415
is "", turned off.  Requires a restart (a reload is not enough) if changed,
415
is "", turned off.  Requires a restart (a reload is not enough) if changed,
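Review bot: Line 412 keeps the typo "the server provider TLS service" on a line the patch is already changing; it should read "the server provides TLS service". Fixing it here avoids a second pass over the same paragraph.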
 Lines 429-436   turned off. Link Here 
429
Alternate syntax for \fBtls\-service\-pem\fR.
429
Alternate syntax for \fBtls\-service\-pem\fR.
430
.TP
430
.TP
431
.B tls\-port: \fI<number>
431
.B tls\-port: \fI<number>
432
The port number on which to provide TCP SSL service, default 853, only
432
The port number on which to provide TCP TLS service, default 853, only
433
interfaces configured with that port number as @number get the SSL service.
433
interfaces configured with that port number as @number get the TLS service.
434
.TP
434
.TP
435
.B ssl\-port: \fI<number>
435
.B ssl\-port: \fI<number>
436
Alternate syntax for \fBtls\-port\fR.
436
Alternate syntax for \fBtls\-port\fR.
 Lines 1304-1310   In the Link Here 
1304
clause are the declarations for the remote control facility.  If this is
1304
clause are the declarations for the remote control facility.  If this is
1305
enabled, the \fIunbound\-control\fR(8) utility can be used to send
1305
enabled, the \fIunbound\-control\fR(8) utility can be used to send
1306
commands to the running unbound server.  The server uses these clauses
1306
commands to the running unbound server.  The server uses these clauses
1307
to setup SSLv3 / TLSv1 security for the connection.  The
1307
to setup TLSv1 security for the connection.  The
1308
\fIunbound\-control\fR(8) utility also reads the \fBremote\-control\fR
1308
\fIunbound\-control\fR(8) utility also reads the \fBremote\-control\fR
1309
section for options.  To setup the correct self\-signed certificates use the
1309
section for options.  To setup the correct self\-signed certificates use the
1310
\fIunbound\-control\-setup\fR(8) utility.
1310
\fIunbound\-control\-setup\fR(8) utility.
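Review bot: At line 1307 the new text "to setup TLSv1 security" still names one protocol version, which a reader will take to mean TLS 1.0 specifically. Unless the control connection really is limited to that version, plain "TLS" is more accurate and will not go stale. The verb should also be "set up" rather than "setup", here and at 1309.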
 Lines 1410-1416   the servers are unreachable, instead it Link Here 
1410
The default is no.
1410
The default is no.
1411
.TP
1411
.TP
1412
.B stub\-tls\-upstream: \fI<yes or no>
1412
.B stub\-tls\-upstream: \fI<yes or no>
1413
Enabled or disable whether the queries to this stub use SSL for transport.
1413
Enabled or disable whether the queries to this stub use TLS for transport.
1414
Default is no.
1414
Default is no.
1415
.TP
1415
.TP
1416
.B stub\-ssl\-upstream: \fI<yes or no>
1416
.B stub\-ssl\-upstream: \fI<yes or no>
 Lines 1450-1456   the servers are unreachable, instead it Link Here 
1450
The default is no.
1450
The default is no.
1451
.TP
1451
.TP
1452
.B forward\-tls\-upstream: \fI<yes or no>
1452
.B forward\-tls\-upstream: \fI<yes or no>
1453
Enabled or disable whether the queries to this forwarder use SSL for transport.
1453
Enabled or disable whether the queries to this forwarder use TLS for transport.
1454
Default is no.
1454
Default is no.
1455
.TP
1455
.TP
1456
.B forward\-ssl\-upstream: \fI<yes or no>
1456
.B forward\-ssl\-upstream: \fI<yes or no>
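Review bot: The description at 1453, and the matching one for stub-tls-upstream at 1413, says the queries "use TLS for transport" but does not say whether the remote server's certificate is verified. Please add a sentence stating that either way, since it determines what the option actually protects against. Both lines also still begin "Enabled or disable", which should be "Enable or disable".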
