Openssl

From Resin 3.0

(Difference between revisions)
 
 
(5 intermediate revisions by 3 users not shown)
Line 1: Line 1:
[[Category:Configuration]] [[Category:Security]]
+
{{Cleanup}} [[Category:Configuration]] [[Category:Security]]
  
 
<openssl> configures SSL for a <[[http]]> or <[[srun]]> port using the OpenSSL library. (Requires Resin Professional)
 
<openssl> configures SSL for a <[[http]]> or <[[srun]]> port using the OpenSSL library. (Requires Resin Professional)
  
== tags ==
+
== directives ==
  
 
{| class="type"
 
{| class="type"
!tag||description||default
+
!directive||description||default
 
|-
 
|-
 
||ca-certificate-file||CA file for [[SSL client authentication]]
 
||ca-certificate-file||CA file for [[SSL client authentication]]
Line 30: Line 30:
 
||unclean-shutdown||If true, closing SSL sockets will be forced instead of a clean shutdown||false
 
||unclean-shutdown||If true, closing SSL sockets will be forced instead of a clean shutdown||false
 
|-
 
|-
||verify-client||Sets the [[SSL client authentication]] options
+
||<[[verify-client]]>||Sets the [[SSL client authentication]] options
 
|-
 
|-
 
||verify-depth||How deep a verification chain to allow
 
||verify-depth||How deep a verification chain to allow
 
|}
 
|}
 +
 +
== cipher-suite ==
 +
 +
The <cipher-suite> tag restricts the ciphers allowed for SSL connections following the [http://www.openssl.org/docs/apps/ciphers.html OpenSSL cipher suite syntax]
 +
 +
  <http port='443'>
 +
    <openssl>
 +
      <certificate-file>...</certificate-file>
 +
      <certificate-key-file>...</certificate-key-file>
 +
      <password>...</password>
 +
      <cipher-suite>ALL:!aNULL:!ADH</cipher-suite>
 +
  </openssl>
 +
  </http>
 +
 +
== Windows Specific Information ==
 +
 +
The most recent releases of Resin 3.0.x on Windows (.19+ for sure) are compiled against the more recent branch of OpenSSL, 0.9.8. Older releases, through .14 at least, are compiled against the specific version, 0.9.7c from gnuwin32, that's mentioned in the [http://www.caucho.com/resin-3.0/security/ssl.xtp#Obtaining-the-OpenSSL-Libraries-on-Windows docs].
 +
 +
To set up OpenSSL in the latest releases, get the current 0.9.8 binary distribution from [http://www.slproweb.com/products/Win32OpenSSL.html here]. Unfortunately, you can't just extract the DLL's, so you'll have to install it. The DLL's will go into your Windows system32 directory. There should be three DLL's:
 +
* ssleay32.dll
 +
* libeay32.dll
 +
* libssl32.dll
 +
You can grab those once they're extracted by the installer and put them in your resin directory, or anywhere on the path (including leaving them where the installer put them). After that, your newer release of Resin should be able to start with OpenSSL.
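Review bot: the cipher string in the added cipher-suite example, `ALL:!aNULL:!ADH`, starts from ALL, which with the OpenSSL 0.9.7c and 0.9.8 builds this page names still selects the LOW and EXPORT groups, and its `!ADH` term is redundant because `!aNULL` already excludes the anonymous DH suites. Consider starting the example from HIGH (for instance `HIGH:!aNULL`) or appending `:!LOW:!EXPORT`, so that readers who copy it do not enable weak suites. In the same example the closing `</openssl>` is indented one level short of its opening tag.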

Latest revision as of 21:19, 1 December 2011

This article requires cleanup and may refer to a legacy version of Resin.

Please visit http://www.caucho.com/documentation/ for the most up-to-date documentation.

<openssl> configures SSL for a <http> or <srun> port using the OpenSSL library. (Requires Resin Professional)

directives

{| class="type"
!directive||description||default
|-
||ca-certificate-file||CA file for SSL client authentication
|-
||ca-certificate-path||CA directory for SSL client authentication
|-
||certificate-file||The server's certificate||required
|-
||certificate-chain-file||File containing the certificate chain for SSL client authentication
|-
||certificate-key-file||The server's private key file||required
|-
||cipher-suite||Specifies cryptographic algorithms allowed
|-
||password||Specifies the private key password||required
|-
||protocol||SSL3 or TLS||TLS
|-
||session-cache||If true, enables the OpenSSL session cache||true
|-
||session-cache-timeout||How long sessions should be kept in the session cache
|-
||unclean-shutdown||If true, closing SSL sockets will be forced instead of a clean shutdown||false
|-
||<verify-client>||Sets the SSL client authentication options
|-
||verify-depth||How deep a verification chain to allow
|}

cipher-suite

The <cipher-suite> tag restricts the ciphers allowed for SSL connections. Its value follows the OpenSSL cipher suite syntax (http://www.openssl.org/docs/apps/ciphers.html).

 <http port='443'>
   <openssl>
     <certificate-file>...</certificate-file>
     <certificate-key-file>...</certificate-key-file>
     <password>...</password>
     <cipher-suite>ALL:!aNULL:!ADH</cipher-suite>
   </openssl>
 </http>
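To see what a <cipher-suite> string actually admits, the following added example (not part of the original page or of Resin) reads <openssl> blocks and expands each cipher string with the locally installed OpenSSL through Python's ssl module. Assumptions: the local library's expansion differs from the 0.9.7c/0.9.8 builds Resin links against, the 128-bit threshold is a choice made here, and the second port in the sample is constructed.

```python
import ssl
import xml.etree.ElementTree as ET

# Constructed input: the page's port 443 block plus a hypothetical second port.
SAMPLE = """<server>
  <http port='443'><openssl>
    <certificate-file>...</certificate-file>
    <certificate-key-file>...</certificate-key-file>
    <password>...</password>
    <cipher-suite>ALL:!aNULL:!ADH</cipher-suite>
  </openssl></http>
  <http port='8443'><openssl>
    <protocol>SSL3</protocol>
  </openssl></http>
</server>"""

def local(tag):
    """Drop an XML namespace prefix of the form {uri} from a tag name."""
    return tag.rsplit('}', 1)[-1]

def expand(cipher_string):
    """Suites the local OpenSSL selects for a cipher string.
    TLS 1.3 suites are listed regardless of the string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return ctx.get_ciphers()

def audit(xml_text):
    """Return (port, directive, message) findings for every <openssl> block."""
    findings = []
    for port in ET.fromstring(xml_text).iter():
        if local(port.tag) not in ('http', 'srun'):
            continue
        for cfg in (c for c in port if local(c.tag) == 'openssl'):
            opts = {local(e.tag): (e.text or '').strip() for e in cfg}
            where = port.get('port', '?')
            # The directive table gives TLS as the default protocol.
            if opts.get('protocol', 'TLS').upper() == 'SSL3':
                findings.append((where, 'protocol', 'SSL3 selected'))
            if 'cipher-suite' not in opts:
                continue  # no restriction configured; nothing to expand
            for s in expand(opts['cipher-suite']):
                if 'Au=None' in s['description']:
                    findings.append((where, 'cipher-suite', s['name'] + ': anonymous'))
                elif s['strength_bits'] < 128:
                    findings.append((where, 'cipher-suite', s['name'] + ': under 128 bits'))
    return findings

if __name__ == '__main__':
    for finding in audit(SAMPLE):
        print(*finding, sep='\t')
```
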

Windows Specific Information

The most recent releases of Resin 3.0.x on Windows (.19+ for sure) are compiled against the more recent branch of OpenSSL, 0.9.8. Older releases, through .14 at least, are compiled against the specific version, 0.9.7c from gnuwin32, that's mentioned in the docs (http://www.caucho.com/resin-3.0/security/ssl.xtp#Obtaining-the-OpenSSL-Libraries-on-Windows).

To set up OpenSSL in the latest releases, get the current 0.9.8 binary distribution from http://www.slproweb.com/products/Win32OpenSSL.html. Unfortunately, you can't just extract the DLLs, so you'll have to install it. The DLLs will go into your Windows system32 directory. There should be three DLLs:

  • ssleay32.dll
  • libeay32.dll
  • libssl32.dll

You can grab those once they're extracted by the installer and put them in your resin directory, or anywhere on the path (including leaving them where the installer put them). After that, your newer release of Resin should be able to start with OpenSSL.
