Openssl

From Resin 3.0

(Difference between revisions)
Jump to: navigation, search
Line 38: Line 38:
  
 
The <cipher-suite> tag restricts the ciphers allowed for SSL connections following the [http://www.openssl.org/docs/apps/ciphers.html OpenSSL cipher suite syntax]
 
The <cipher-suite> tag restricts the ciphers allowed for SSL connections following the [http://www.openssl.org/docs/apps/ciphers.html OpenSSL cipher suite syntax]
 +
 +
  <http port='443'>
 +
    <openssl>
 +
      <certificate-file>...</certificate-file>
 +
      <certificate-key-file>...</certificate-key-file>
 +
      <password>...</password>
 +
      <cipher-suite>ALL:!aNULL:!ADH</cipher-suite>
 +
  </openssl>
 +
  </http>

Revision as of 22:28, 23 March 2006


<openssl> configures SSL for a <http> or <srun> port using the OpenSSL library. (Requires Resin Professional)

directives

directive description default
ca-certificate-file CA file for SSL client authentication
ca-certificate-path CA directory for SSL client authentication
certificate-file The server's certificate required
certificate-chain-file File containing the certificate chain for SSL client authentication
certificate-key-file The server's private key file required
cipher-suite Specifies cryptographic algorithms allowed
password Specifies the private key password required
protocol SSL3 or TLS TLS
session-cache If true, enables the OpenSSL session cache true
session-cache-timeout How long sessions should be kept in the session cache
unclean-shutdown If true, closing SSL sockets will be forced instead of a clean shutdown false
<verify-client> Sets the SSL client authentication options
verify-depth How deep a verification chain to allow

cipher-suite

The <cipher-suite> tag restricts the ciphers allowed for SSL connections following the OpenSSL cipher suite syntax

 <http port='443'>
   <openssl>
     <certificate-file>...</certificate-file>
     <certificate-key-file>...</certificate-key-file>
     <password>...</password>
     <cipher-suite>ALL:!aNULL:!ADH</cipher-suite>
 </openssl>
 </http>
Personal tools