SSL Configuration
Given an IPv4 address:
--server.endpoint tcp://ipv4-address:port
Given an IPv6 address:
--server.endpoint tcp://[ipv6-address]:port
Note: If you are using SSL-encrypted endpoints, you must also supply the path to a server certificate using the option.
--ssl.keyfile filename
If SSL encryption is used, this option must be used to specify the filename of the server private key. The file must be PEM formatted and contain both the certificate and the server’s private key.
The file specified by filename can be generated using openssl:
For further information please check the manuals of the tools you use to create the certificate.
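One way to produce and sanity-check such a file, as an added example that is not part of the original documentation: the script creates a self-signed certificate with an unencrypted RSA key, writes both into one PEM file, and verifies that the key matches the certificate. The function names, the 2048-bit key, the 365-day validity and the assumption that the server reads the key without a passphrase are choices made for this example.

```shell
#!/bin/sh
# Added example: build and verify a combined PEM file for --ssl.keyfile.
# Function names, key size and validity period are assumptions of this example.

# make_keyfile OUT_PEM COMMON_NAME
# Writes a self-signed certificate followed by its private key to OUT_PEM.
make_keyfile() {
    out=$1 cn=$2
    dir=$(mktemp -d) || return 1
    (
        umask 077   # key material must not be readable by other users
        # -nodes: key stays unencrypted (assumes the server cannot prompt
        # for a passphrase at startup)
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
            -subj "/CN=$cn" -keyout "$dir/server.key" \
            -out "$dir/server.crt" 2>/dev/null &&
        cat "$dir/server.crt" "$dir/server.key" > "$out"
    ) || { rm -rf "$dir"; return 1; }
    rm -rf "$dir"
}

# check_keyfile PEM
# Returns 0 if PEM holds a certificate and the matching private key,
# 1 if either block is missing or unreadable, 2 if the key does not match.
check_keyfile() {
    pem=$1
    grep -q -e '-----BEGIN CERTIFICATE-----' "$pem" || return 1
    grep -q -e 'PRIVATE KEY-----' "$pem" || return 1
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ] || return 2
}

# Usage: sh make-keyfile.sh server.pem db.example.internal
if [ "$#" -eq 2 ]; then
    make_keyfile "$1" "$2" && check_keyfile "$1" && echo "keyfile OK: $1"
fi
```

A self-signed certificate suits testing; for a CA-issued certificate, concatenate the issued certificate and the key in the same way and run the same check.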
CA File
--ssl.cafile filename
This option can be used to specify a file with CA certificates that are sent to the client whenever the server requests a client certificate. If the file is specified, the server will only accept client requests with certificates issued by these CAs. Do not specify this option if you want clients to be able to connect without specific certificates.
The certificates in filename must be PEM formatted.
Use this option to specify the default encryption protocol to be used. The following variants are available:
- 1: SSLv2
- 2: SSLv2 or SSLv3 (negotiated)
- 3: SSLv3
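- 5: TLSv1.2
The default value is 5 (TLSv1.2). Values 1 to 3 select SSLv2 or SSLv3, both of which are deprecated (RFC 6176, RFC 7568), so prefer the default.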
SSL cache
--ssl.session-cache value
Set to true if SSL session caching should be used.
value has a default value of false (i.e. no caching).
--ssl.require-peer-certificate
Require a peer certificate from the client before connecting.
SSL options
This option can be used to set various SSL-related options. Individual option values must be combined using bitwise OR.
Which options are available on your platform is determined by the OpenSSL version you use. The list of options available on your platform might be retrieved by the following shell command:
A description of the options can be found online in the
--ssl.cipher-list cipher-list
This option can be used to restrict the server to certain SSL ciphers only, and to define the relative usage preference of SSL ciphers.
The format of cipher-list is documented in the OpenSSL documentation.
The default value for cipher-list is “ALL”.