Openssl
From Resin 3.0
Line 47: | Line 47: | ||
</openssl> | </openssl> | ||
</http> | </http> | ||
+ | |||
+ | == Windows Specific Information == | ||
+ | |||
+ | The most recent releases of Resin 3.0.x on Windows (.19+ for sure) are compiled against the more recent branch of OpenSSL, 0.9.8. Older releases, through .14 at least, are compiled against the specific version, 0.9.7c from gnuwin32, that's mentioned in the [http://www.caucho.com/resin-3.0/security/ssl.xtp#Obtaining-the-OpenSSL-Libraries-on-Windows docs]. | ||
+ | |||
+ | To set up OpenSSL in the latest releases, get the current 0.9.8 binary distribution from [http://www.slproweb.com/products/Win32OpenSSL.html here]. Unfortunately, you can't just extract the DLL's, so you'll have to install it. The DLL's will go into your Windows system32 directory. There should be three DLL's: | ||
+ | * ssleay32.dll | ||
+ | * libeay32.dll | ||
+ | * libssl32.dll | ||
+ | You can grab those once they're extracted by the installer and put them in your resin directory, or anywhere on the path (including leaving them where the installer put them). After that, your newer release of Resin should be able to start with OpenSSL. |
Revision as of 14:19, 7 June 2006
<openssl> configures SSL for a <http> or <srun> port using the OpenSSL library. (Requires Resin Professional)
directives
directive | description | default |
---|---|---|
ca-certificate-file | CA file for SSL client authentication | |
ca-certificate-path | CA directory for SSL client authentication | |
certificate-file | The server's certificate | required |
certificate-chain-file | File containing the certificate chain for SSL client authentication | |
certificate-key-file | The server's private key file | required |
cipher-suite | Specifies cryptographic algorithms allowed | |
password | Specifies the private key password | required |
protocol | SSL3 or TLS | TLS |
session-cache | If true, enables the OpenSSL session cache | true |
session-cache-timeout | How long sessions should be kept in the session cache | |
unclean-shutdown | If true, closing SSL sockets will be forced instead of a clean shutdown | false |
<verify-client> | Sets the SSL client authentication options | |
verify-depth | How deep a verification chain to allow |
cipher-suite
The <cipher-suite> tag restricts the ciphers allowed for SSL connections following the OpenSSL cipher suite syntax
<http port='443'> <openssl> <certificate-file>...</certificate-file> <certificate-key-file>...</certificate-key-file> <password>...</password> <cipher-suite>ALL:!aNULL:!ADH</cipher-suite> </openssl> </http>
Windows Specific Information
The most recent releases of Resin 3.0.x on Windows (.19+ for sure) are compiled against the more recent branch of OpenSSL, 0.9.8. Older releases, through .14 at least, are compiled against the specific version, 0.9.7c from gnuwin32, that's mentioned in the docs.
To set up OpenSSL in the latest releases, get the current 0.9.8 binary distribution from here. Unfortunately, you can't just extract the DLL's, so you'll have to install it. The DLL's will go into your Windows system32 directory. There should be three DLL's:
- ssleay32.dll
- libeay32.dll
- libssl32.dll
You can grab those once they're extracted by the installer and put them in your resin directory, or anywhere on the path (including leaving them where the installer put them). After that, your newer release of Resin should be able to start with OpenSSL.