Transformer SDK For C
8.0.9.562131-6357b6d3
The Secure Sockets Layer (SSL) is a commonly used protocol for managing the security of a message transmission on the Internet, and offers a greater level of protection than standard HTTP transmission.
DataSource is capable of communicating with its peers over SSL, providing an encrypted channel over which the data sources can publish their data.
SSL certificates can be configured at either or both client and server ends of the channel; DataSource is said to be operating in server mode when requesting information and in client mode when receiving information.
To configure DataSource for SSL when in server mode, use the datasrc-sslport option to select the network port to listen for SSL connections from DataSource peers.
It is possible for DataSource to accept both SSL and non-SSL connections on different ports. Non-SSL connections should be configured using the datasrc-port option.
To configure DataSource for SSL when in client mode, use the ssl option in the add-peer entry for the DataSource peer that acts as server.
Note: There is no fallback to non-SSL operation should the SSL connection fail to be established.
To configure DataSource for SSL at both client and server ends of the channel, use the start-ssl group. This group is needed in the configuration file of both client and server applications.
OpenSSL has built-in support for cryptographic acceleration. In newer versions of OpenSSL (0.9.6 builds whose version string includes the name "engine") an application can obtain a reference to a specific cryptographic implementation, often a hardware device. These implementations are referred to as Engines.
Engine support is configured with the ssl-engine-id and ssl-engine-flags configuration options.
DataSource server certificate to accept.
Type: String Array
Default: None

Enable SSL on all nodes.
Type: Boolean
Default: FALSE

Certificate presented to remote peers.
Type: String
Default: None

File containing the password for the private key.
Type: String
Default: None

The password for the private key.
Type: String
Default: None

Private key file for the certificate.
Type: String
Default: None

Optional list of ciphers to use (TLSv1.2 and below).
Type: String
Default: TLSv1.2+ECDHE+AESGCM:TLSv1.2+ECDHE+AESCCM:TLSv1.2+ECDHE+CHACHA20:TLSv1.2+DHE+AESGCM:TLSv1.2+DHE+AESCCM:TLSv1.2+DHE+CHACHA20

Optional suite of ciphers to use.
Type: String
Default: None

Optional list of SSL options to use.
Type: Long integer
Default: 1442840704
Acceptable values:
| Name | Value | Desc |
|---|---|---|
| SSL_OP_ALL | 2147485776 | |
| SSL_OP_LEGACY_SERVER_CONNECT | 4 | |
| SSL_OP_TLSEXT_PADDING | 16 | |
| SSL_OP_SAFARI_ECDHE_ECDSA_BUG | 64 | |
| SSL_OP_ALLOW_NO_DHE_KEX | 1024 | |
| SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS | 2048 | |
| SSL_OP_NO_QUERY_MTU | 4096 | |
| SSL_OP_COOKIE_EXCHANGE | 8192 | |
| SSL_OP_NO_TICKET | 16384 | |
| SSL_OP_CISCO_ANYCONNECT | 32768 | |
| SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION | 65536 | |
| SSL_OP_NO_COMPRESSION | 131072 | |
| SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION | 262144 | |
| SSL_OP_NO_ENCRYPT_THEN_MAC | 524288 | |
| SSL_OP_ENABLE_MIDDLEBOX_COMPAT | 1048576 | |
| SSL_OP_PRIORITIZE_CHACHA | 2097152 | |
| SSL_OP_CIPHER_SERVER_PREFERENCE | 4194304 | |
| SSL_OP_TLS_ROLLBACK_BUG | 8388608 | |
| SSL_OP_NO_ANTI_REPLAY | 16777216 | |
| SSL_OP_NO_SSLv3 | 33554432 | |
| SSL_OP_NO_TLSv1 | 67108864 | |
| SSL_OP_NO_TLSv1_2 | 134217728 | |
| SSL_OP_NO_TLSv1_1 | 268435456 | |
| SSL_OP_NO_TLSv1_3 | 536870912 | |
| SSL_OP_NO_DTLSv1 | 67108864 | |
| SSL_OP_NO_DTLSv1_2 | 134217728 | |
| SSL_OP_NO_RENEGOTIATION | 1073741824 | |
| SSL_OP_CRYPTOPRO_TLSEXT_BUG | 2147483648 | |
| SSL_OP_MICROSOFT_SESS_ID_BUG | 0 | |
| SSL_OP_NETSCAPE_CHALLENGE_BUG | 0 | |
| SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG | 0 | |
| SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG | 0 | |
| SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER | 0 | |
| SSL_OP_MSIE_SSLV2_RSA_PADDING | 0 | |
| SSL_OP_SSLEAY_080_CLIENT_DH_BUG | 0 | |
| SSL_OP_TLS_D5_BUG | 0 | |
| SSL_OP_TLS_BLOCK_PADDING_BUG | 0 | |
| SSL_OP_SINGLE_ECDH_USE | 0 | |
| SSL_OP_SINGLE_DH_USE | 0 | |
| SSL_OP_EPHEMERAL_RSA | 0 | |
| SSL_OP_NO_SSLv2 | 0 | |
| SSL_OP_PKCS1_CHECK_1 | 0 | |
| SSL_OP_PKCS1_CHECK_2 | 0 | |
| SSL_OP_NETSCAPE_CA_DN_BUG | 0 | |
| SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG | 0 | |
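
The ssl-options value is a bitmask built from the SSL_OP_* values in the table above. As an added example (not code from the Caplin documentation or SDK), the C program below composes that Long integer from option names, reports any bits of a configured value that the documented names do not account for, and checks that the legacy protocols are refused; the option names and values come from the table, the function names are mine, and the table rows with value 0 are no-ops that contribute nothing to the mask.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Subset of the SSL_OP_* values from the ssl-options table on this page. */
typedef struct { const char *name; uint64_t value; } ssl_opt_t;
static const ssl_opt_t SSL_OPTS[] = {
    {"SSL_OP_NO_SSLv3",         33554432ULL},
    {"SSL_OP_NO_TLSv1",         67108864ULL},
    {"SSL_OP_NO_TLSv1_2",       134217728ULL},
    {"SSL_OP_NO_TLSv1_1",       268435456ULL},
    {"SSL_OP_NO_RENEGOTIATION", 1073741824ULL},
    {"SSL_OP_SINGLE_DH_USE",    0ULL}, /* value 0 in the table: ORing it in changes nothing */
};
#define N_OPTS (sizeof SSL_OPTS / sizeof SSL_OPTS[0])
/* Turn a space- or comma-separated list of option names into the Long integer the config
 * expects. Unknown names are counted in *unknown (may be NULL), never silently dropped. */
uint64_t ssl_options_parse(const char *list, size_t *unknown)
{
    uint64_t mask = 0;
    size_t unk = 0, len, j;
    for (const char *start; *list;) {
        while (*list == ' ' || *list == ',') list++;
        for (start = list; *list && *list != ' ' && *list != ','; list++) {}
        if ((len = (size_t)(list - start)) == 0) break;
        for (j = 0; j < N_OPTS; j++)
            if (strlen(SSL_OPTS[j].name) == len && !memcmp(SSL_OPTS[j].name, start, len)) break;
        if (j < N_OPTS) mask |= SSL_OPTS[j].value; else unk++;
    }
    if (unknown) *unknown = unk;
    return mask;
}
/* Bits of `mask` that no table entry accounts for; unexplained bits in a configured value deserve a look. */
uint64_t ssl_options_residual(uint64_t mask)
{
    for (size_t j = 0; j < N_OPTS; j++) mask &= ~SSL_OPTS[j].value;
    return mask;
}
/* Defender check: does the mask refuse SSLv3, TLS 1.0 and TLS 1.1 together? */
int ssl_options_legacy_disabled(uint64_t mask)
{
    const uint64_t legacy = 33554432ULL | 67108864ULL | 268435456ULL;
    return (mask & legacy) == legacy;
}
int main(void)
{
    const uint64_t def = 1442840704ULL; /* the page's default ssl-options value */
    /* Prints 128: bit 7 is absent from the page's table; OpenSSL 3.x names it SSL_OP_IGNORE_UNEXPECTED_EOF. */
    printf("unlisted bits: %llu, legacy protocols disabled: %d\n", (unsigned long long)ssl_options_residual(def), ssl_options_legacy_disabled(def));
    return 0;
}
```

Run against the default, the four documented names account for 1442840576 and the remaining 128 is a bit the table does not list, which is worth knowing before copying a value between OpenSSL versions.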

Enables SSL connection negotiation debugging.
Type: Boolean
Default: FALSE