Openssl

From Resin 3.0

Jump to: navigation, search
40px-Edit-clear.png This article requires cleanup and may refer to a legacy version of Resin.

Please visit http://www.caucho.com/documentation/ for the most up-to-date documentation.

<openssl> configures SSL for a <http> or <srun> port using the OpenSSL library. (Requires Resin Professional)

directives

directive description default
ca-certificate-file CA file for SSL client authentication
ca-certificate-path CA directory for SSL client authentication
certificate-file The server's certificate required
certificate-chain-file File containing the certificate chain for SSL client authentication
certificate-key-file The server's private key file required
cipher-suite Specifies cryptographic algorithms allowed
password Specifies the private key password required
protocol SSL3 or TLS TLS
session-cache If true, enables the OpenSSL session cache true
session-cache-timeout How long sessions should be kept in the session cache
unclean-shutdown If true, closing SSL sockets will be forced instead of a clean shutdown false
<verify-client> Sets the SSL client authentication options
verify-depth How deep a verification chain to allow

cipher-suite

The <cipher-suite> tag restricts the ciphers allowed for SSL connections following the OpenSSL cipher suite syntax

 <http port='443'>
   <openssl>
     <certificate-file>...</certificate-file>
     <certificate-key-file>...</certificate-key-file>
     <password>...</password>
     <cipher-suite>ALL:!aNULL:!ADH</cipher-suite>
 </openssl>
 </http>

Windows Specific Information

The most recent releases of Resin 3.0.x on Windows (.19+ for sure) are compiled against the more recent branch of OpenSSL, 0.9.8. Older releases, through .14 at least, are compiled against the specific version, 0.9.7c from gnuwin32, that's mentioned in the docs.

To set up OpenSSL in the latest releases, get the current 0.9.8 binary distribution from here. Unfortunately, you can't just extract the DLL's, so you'll have to install it. The DLL's will go into your Windows system32 directory. There should be three DLL's:

  • ssleay32.dll
  • libeay32.dll
  • libssl32.dll

You can grab those once they're extracted by the installer and put them in your resin directory, or anywhere on the path (including leaving them where the installer put them). After that, your newer release of Resin should be able to start with OpenSSL.

Personal tools