Openssl

From Resin 3.0


Revision as of 14:19, 7 June 2006


<openssl> configures SSL for a <http> or <srun> port using the OpenSSL library. (Requires Resin Professional)

directives

| directive | description | default |
|---|---|---|
| ca-certificate-file | CA file for SSL client authentication | |
| ca-certificate-path | CA directory for SSL client authentication | |
| certificate-file | The server's certificate | required |
| certificate-chain-file | File containing the certificate chain for SSL client authentication | |
| certificate-key-file | The server's private key file | required |
| cipher-suite | Specifies cryptographic algorithms allowed | |
| password | Specifies the private key password | required |
| protocol | SSL3 or TLS | TLS |
| session-cache | If true, enables the OpenSSL session cache | true |
| session-cache-timeout | How long sessions should be kept in the session cache | |
| unclean-shutdown | If true, closing SSL sockets will be forced instead of a clean shutdown | false |
| <verify-client> | Sets the SSL client authentication options | |
| verify-depth | How deep a verification chain to allow | |

cipher-suite

The <cipher-suite> tag restricts the ciphers allowed for SSL connections, following the OpenSSL cipher suite syntax.

 <http port='443'>
   <openssl>
     <certificate-file>...</certificate-file>
     <certificate-key-file>...</certificate-key-file>
     <password>...</password>
     <cipher-suite>ALL:!aNULL:!ADH</cipher-suite>
   </openssl>
 </http>
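
An audit of an <openssl> block against the directive table and the cipher-suite syntax above, as an added example (not Resin or Caucho code). The sample config is constructed with placeholder values, and the policy of flagging SSL3 and expecting !aNULL, !EXPORT and !LOW after a broad keyword is an assumption of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's <http> block with placeholder values filled in.
SAMPLE = """
<http port='443'>
  <openssl>
    <certificate-file>keys/server.crt</certificate-file>
    <certificate-key-file>keys/server.key</certificate-key-file>
    <password>example-only</password>
    <protocol>SSL3</protocol>
    <cipher-suite>ALL:!aNULL:!ADH</cipher-suite>
  </openssl>
</http>
"""

REQUIRED = ("certificate-file", "certificate-key-file", "password")  # "required" in the table
BROAD = {"ALL", "DEFAULT"}               # keywords that pull in large cipher sets
# Assumed policy (not from the page): classes a broad keyword should have struck out.
MUST_EXCLUDE = {"aNULL": {"aNULL"}, "export": {"EXPORT", "EXP"}, "low": {"LOW"}}

def split_cipher_string(value):
    """Return (added, killed) keyword sets from an OpenSSL cipher string."""
    added, killed = set(), set()
    for token in value.replace(",", ":").replace(" ", ":").split(":"):
        if not token:
            continue
        if token[0] == "!":
            killed.add(token[1:])        # '!' removes a class permanently
        elif token[0] not in "-+":
            added.add(token)             # leading '-' or '+' only removes or reorders
    return added, killed

def audit(xml_text):
    findings = []
    for ossl in ET.fromstring(xml_text).iter("openssl"):
        for name in REQUIRED:
            if not (ossl.findtext(name) or "").strip():
                findings.append("missing required <%s>" % name)
        if (ossl.findtext("protocol") or "TLS").strip().upper() == "SSL3":
            findings.append("protocol is SSL3")
        added, killed = split_cipher_string(ossl.findtext("cipher-suite") or "")
        if not added:
            findings.append("no <cipher-suite> restriction")
        elif added & BROAD:
            for label, names in sorted(MUST_EXCLUDE.items()):
                if not names & killed:
                    findings.append("cipher-suite keeps %s ciphers" % label)
    return findings
```

In OpenSSL 0.9.8 the ALL keyword covers every suite except the eNULL ones, so the string ALL:!aNULL:!ADH still leaves export-grade and LOW suites enabled, which is what the audit reports for the sample.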

Windows Specific Information

The most recent releases of Resin 3.0.x on Windows (.19+ for sure) are compiled against the more recent branch of OpenSSL, 0.9.8. Older releases, through .14 at least, are compiled against the specific version, 0.9.7c from gnuwin32, that's mentioned in the docs (http://www.caucho.com/resin-3.0/security/ssl.xtp#Obtaining-the-OpenSSL-Libraries-on-Windows).

To set up OpenSSL in the latest releases, get the current 0.9.8 binary distribution from http://www.slproweb.com/products/Win32OpenSSL.html. Unfortunately, you can't just extract the DLLs, so you'll have to install it. The DLLs will go into your Windows system32 directory. There should be three DLLs:

  • ssleay32.dll
  • libeay32.dll
  • libssl32.dll

You can grab those once they're extracted by the installer and put them in your Resin directory, or anywhere on the path (including leaving them where the installer put them). After that, your newer release of Resin should be able to start with OpenSSL.
