# add a netblock specific override to a localzone, with zone type
# local-zone-override: "example.com" 192.0.2.0/24 refuse
- # service clients over SSL (on the TCP sockets), with plain DNS inside
- # the SSL stream. Give the certificate to use and private key.
+ # service clients over TLS (on the TCP sockets), with plain DNS inside
+ # the TLS stream. Give the certificate to use and private key.
# default is "" (disabled). requires restart to take effect.
# tls-service-key: "path/to/privatekeyfile.key"
# tls-service-pem: "path/to/publiccertfile.pem"
# tls-port: 853
- # request upstream over SSL (with plain DNS inside the SSL stream).
+ # request upstream over TLS (with plain DNS inside the TLS stream).
# Default is no. Can be turned on and off with unbound-control.
# tls-upstream: no
but use udp to fetch data upstream.
.TP
.B tls\-upstream: \fI<yes or no>
-Enabled or disable whether the upstream queries use SSL only for transport.
-Default is no. Useful in tunneling scenarios. The SSL contains plain DNS in
+Enabled or disable whether the upstream queries use TLS only for transport.
+Default is no. Useful in tunneling scenarios. The TLS contains plain DNS in
TCP wireformat. The other server must support this (see
\fBtls\-service\-key\fR).
.TP
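Review bot: The rewritten tls\-upstream lines keep two wording problems that are worth fixing while the text is being touched. "Enabled or disable" should be "Enable or disable". "The TLS contains plain DNS" reads oddly with a protocol name as the noun; "The TLS stream contains plain DNS in TCP wireformat" would match the "TLS stream" wording this same patch uses in example.conf.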
file the last is used.
.TP
.B tls\-service\-key: \fI<file>
-If enabled, the server provider SSL service on its TCP sockets. The clients
+If enabled, the server provider TLS service on its TCP sockets. The clients
have to use tls\-upstream: yes. The file is the private key for the TLS
session. The public certificate is in the tls\-service\-pem file. Default
is "", turned off. Requires a restart (a reload is not enough) if changed,
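Review bot: The changed tls\-service\-key line still reads "the server provider TLS service", which should be "the server provides TLS service". Since the line is rewritten here anyway, the typo can be fixed in the same edit.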
Alternate syntax for \fBtls\-service\-pem\fR.
.TP
.B tls\-port: \fI<number>
-The port number on which to provide TCP SSL service, default 853, only
-interfaces configured with that port number as @number get the SSL service.
+The port number on which to provide TCP TLS service, default 853, only
+interfaces configured with that port number as @number get the TLS service.
.TP
.B ssl\-port: \fI<number>
Alternate syntax for \fBtls\-port\fR.
clause are the declarations for the remote control facility. If this is
enabled, the \fIunbound\-control\fR(8) utility can be used to send
commands to the running unbound server. The server uses these clauses
-to setup SSLv3 / TLSv1 security for the connection. The
+to setup TLSv1 security for the connection. The
\fIunbound\-control\fR(8) utility also reads the \fBremote\-control\fR
section for options. To setup the correct self\-signed certificates use the
\fIunbound\-control\-setup\fR(8) utility.
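Review bot: On the changed remote\-control line, "TLSv1 security" names one protocol version, and readers are likely to take it to mean TLS 1.0 specifically. Dropping "SSLv3" is right, but unless the control channel is meant to be documented as fixed to that version, plain "TLS" would match the rest of this patch and would not go stale. On the same line, "to setup" used as a verb should be "to set up".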
The default is no.
.TP
.B stub\-tls\-upstream: \fI<yes or no>
-Enabled or disable whether the queries to this stub use SSL for transport.
+Enabled or disable whether the queries to this stub use TLS for transport.
Default is no.
.TP
.B stub\-ssl\-upstream: \fI<yes or no>
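Review bot: The stub\-tls\-upstream entry says only that queries "use TLS for transport" and that the default is no. It does not say whether the stub server's certificate is checked. With the term now being TLS, readers may assume the upstream is authenticated, so one sentence stating what is and is not verified would be a useful addition here.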
The default is no.
.TP
.B forward\-tls\-upstream: \fI<yes or no>
-Enabled or disable whether the queries to this forwarder use SSL for transport.
+Enabled or disable whether the queries to this forwarder use TLS for transport.
Default is no.
.TP
.B forward\-ssl\-upstream: \fI<yes or no>
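Review bot: The changed forward\-tls\-upstream line keeps "Enabled or disable", which should be "Enable or disable". The stub\-tls\-upstream entry has the same wording, so both can be corrected together.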