document missing SSL context options

jordikroon · jordikroon · commit 258f18dfb53f · 2026-03-07T00:12:13.000+01:00
diff --git a/language/context/ssl.xml b/language/context/ssl.xml
@@ -204,6 +204,43 @@
      </simpara>
     </listitem>
    </varlistentry>
+   <varlistentry xml:id="context.ssl.sni-server-certs">
+    <term>
+     <parameter>SNI_server_certs</parameter>
+     <type>array</type>
+    </term>
+    <listitem>
+     <simpara>
+      An array of server names and their corresponding certificates to be used
+      for SNI. The keys are the server names and the values are the paths to
+      the certificate files on the local filesystem. The certificate files must
+      be <acronym>PEM</acronym> encoded and contain both the certificate and private key.
+     </simpara>
+    </listitem>
+   </varlistentry>
+   <varlistentry xml:id="context.alpn-protocols">
+    <term>
+     <parameter>alpn_protocols</parameter>
+     <type>array</type>
+    </term>
+    <listitem>
+     <simpara>
+      An array of application layer protocol names to be used for ALPN (Application-Layer Protocol Negotiation).
+      The values are the protocol names as strings (e.g. "http/1.1", "h2").
+     </simpara>
+    </listitem>
+   </varlistentry>
+   <varlistentry xml:id="context.ssl.no-ticket">
+    <term>
+     <parameter>no_ticket</parameter>
+     <type>bool</type>
+    </term>
+    <listitem>
+     <simpara>
+      If set, disable TLS session tickets. This can help to enhance security by providing Perfect Forward Secrecy (PFS).
+     </simpara>
+    </listitem>
+   </varlistentry>
    <varlistentry xml:id="context.ssl.disable-compression">
     <term>
      <parameter>disable_compression</parameter>
@@ -252,6 +289,38 @@
      </simpara>
     </listitem>
    </varlistentry>
+   <varlistentry xml:id="context.min-proto-version">
+    <term>
+     <parameter>min_proto_version</parameter>
+     <type>int</type>
+    </term>
+    <listitem>
+     <simpara>
+      Sets the minimum protocol version allowed. If not specified the library default
+      minimum protocol version is used. The protocol versions are described in
+      <link xlink:href="&url.openssl.protocol-versions;">SSL_CTX_set_min_proto_version(3)</link>.
+     </simpara>
+     <simpara>
+      Available as of PHP 8.0.0 and OpenSSL 1.1.1.
+     </simpara>
+    </listitem>
+   </varlistentry>
+   <varlistentry xml:id="context.max-proto-version">
+    <term>
+     <parameter>max_proto_version</parameter>
+     <type>int</type>
+    </term>
+    <listitem>
+     <simpara>
+      Sets the maximum protocol version allowed. If not specified the library default
+      maximum protocol version is used. The protocol versions are described in
+      <link xlink:href="&url.openssl.protocol-versions;">SSL_CTX_set_min_proto_version(3)</link>.
+     </simpara>
+     <simpara>
+      Available as of PHP 8.0.0 and OpenSSL 1.1.1.
+     </simpara>
+    </listitem>
+   </varlistentry>
   </variablelist>
  </refsect1><!-- }}} -->
 
