version 1.5, 2008/12/16 18:55:36
|
version 1.7, 2012/03/30 04:22:50
|
|
|
checked first against the CRL (if specified) and then against the | checked first against the CRL (if specified) and then against the |
server truststore. The <a href="#CLI">cimcrl CLI</a> should be used for | server truststore. The <a href="#CLI">cimcrl CLI</a> should be used for |
CRL management. </p> | CRL management. </p> |
|
<p><b>sslCipherSuite</b><br> |
|
This setting specifies the cipher list used by the server during the |
|
SSL handshake phase. If not specified, the "DEFAULT" OpenSSL cipher |
|
list is used. The cipher list should be mentioned between single |
|
quotes since it can contain special characters like .+, !, -. The |
|
cipher lists can be found at <a |
|
href="http://www.openssl.org/docs/apps/ciphers.html#CIPHER_LIST_FORMAT">http://www.openssl.org/docs/apps/ciphers.html#CIPHER_LIST_FORMAT</a> |
|
</p> |
<h4>Configuration Limitations</h4> | <h4>Configuration Limitations</h4> |
The following are configuration limitations: | The following are configuration limitations: |
<ul> | <ul> |
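Review bot: In the added sslCipherSuite paragraph, the special-character list reads ".+, !, -", where the leading dot looks like a stray character; list them as "+, !, -" and say the value must be "enclosed in single quotes" rather than "mentioned between". The paragraph gives no sample value and does not say what the server does when the string selects no usable cipher, so an example setting and one line on the failure behaviour would help an administrator who is narrowing the list from "DEFAULT". The sentence that ends in the ciphers.html link also has no closing period.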
|
|
password needed to unencrypt it. Therefore, the best way to secure the | password needed to unencrypt it. Therefore, the best way to secure the |
file is to follow the file permissions settings specified in <a | file is to follow the file permissions settings specified in <a |
href="#CERTS">Creating SSL Certificates.</a></li> | href="#CERTS">Creating SSL Certificates.</a></li> |
<li>There is no property to specify supported cipher lists at this |
|
time. Pegasus uses the default OpenSSL cipher list. The cipher lists |
|
can be found at <a |
|
href="http://www.openssl.org/docs/apps/ciphers.html#SSL_v3_0_cipher_suites_">http://www.openssl.org/docs/apps/ciphers.html#SSL_v3_0_cipher_suites_</a> |
|
and <a |
|
href="http://www.openssl.org/docs/apps/ciphers.html#TLS_v1_0_cipher_suites_">http://www.openssl.org/docs/apps/ciphers.html#TLS_v1_0_cipher_suites_</a></li> |
|
<li>The verification depth cannot be specified. Pegasus uses the | <li>The verification depth cannot be specified. Pegasus uses the |
default OpenSSL depth of 9. This means the OpenSSL will only accept | default OpenSSL depth of 9. This means the OpenSSL will only accept |
client certificate chains up to 9 levels deep.</li> | client certificate chains up to 9 levels deep.</li> |
|
|
</p> | </p> |
<ul> | <ul> |
<font face="courier"> client.connect( hostname, port, <b>SSLContext(trustStore, | <font face="courier"> client.connect( hostname, port, <b>SSLContext(trustStore, |
certPath, keyPath, verifyCert, randomFile),</b> username, password); </font> |
certPath, keyPath, verifyCert, randomFile, cipherSuite),</b> username, password); </font> |
</ul> | </ul> |
<p></p> | <p></p> |
<p> Here's a code snippet that shows how to call a client constructor | <p> Here's a code snippet that shows how to call a client constructor |
|
|
does not perform by default.</li> | does not perform by default.</li> |
<li><b>randomFile</b> -- A file to seed the pseudo random number | <li><b>randomFile</b> -- A file to seed the pseudo random number |
generator (PRNG).</li> | generator (PRNG).</li> |
|
<li><b>cipherSuite</b> -- This specifies the cipher list used by the |
|
client during the SSL handshake phase. This is an experimental |
|
interface.</li> |
</ul> | </ul> |
<p>Here are some general guidelines on implementing peer verification | <p>Here are some general guidelines on implementing peer verification |
for the client: | for the client: |
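Review bot: The new cipherSuite bullet does not say what format the value takes or which list applies when the argument is left out. The server-side sslCipherSuite text in this same revision names the OpenSSL "DEFAULT" list and links to the cipher list format, and the client bullet should carry the same two facts. "This is an experimental interface" should also state what that means for callers, for example that the argument may change or be removed in a later release.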
|
|
<ul> | <ul> |
<li>The verification depth cannot be specified. Pegasus uses the | <li>The verification depth cannot be specified. Pegasus uses the |
default OpenSSL depth of 9.</li> | default OpenSSL depth of 9.</li> |
<li>The cipher list cannot be specified. Pegasus uses the default |
|
OpenSSL cipher list. The cipher lists can be found at <a |
|
href="http://www.openssl.org/docs/apps/ciphers.html#SSL_v3_0_cipher_suites_">http://www.openssl.org/docs/apps/ciphers.html#SSL_v3_0_cipher_suites_</a> |
|
and <a |
|
href="http://www.openssl.org/docs/apps/ciphers.html#TLS_v1_0_cipher_suites_">http://www.openssl.org/docs/apps/ciphers.html#TLS_v1_0_cipher_suites_</a></li> |
|
<li>No hostname checking is performed to ensure that the subject | <li>No hostname checking is performed to ensure that the subject |
field of the distinguished name (DN) matches the hostname. If desired, | field of the distinguished name (DN) matches the hostname. If desired, |
a user-specified callback should be configured to perform this check or | a user-specified callback should be configured to perform this check or |
|
|
<a href="http://www.faqs.org/rfcs/rfc2617.html">http://www.faqs.org/rfcs/rfc2617.html</a> | <a href="http://www.faqs.org/rfcs/rfc2617.html">http://www.faqs.org/rfcs/rfc2617.html</a> |
</p> | </p> |
<hr> | <hr> |
<p><i><font size="2">Copyright (c) 2005 EMC Corporation; |
<p>Licensed to The Open Group (TOG) under one or more contributor license |
Hewlett-Packard Development Company, L.P.; IBM Corp.; The Open Group; |
agreements. Refer to the OpenPegasusNOTICE.txt file distributed with |
VERITAS Software Corporation</font><br> |
this work for additional information regarding copyright ownership. |
<br> |
Each contributor licenses this file to you under the OpenPegasus Open |
<font size="1">Permission is hereby granted, free of charge, to any |
Source License; you may not use this file except in compliance with the |
person obtaining a copy of this software and associated |
License.</p> |
documentation files (the "Software"), to deal in the Software without |
<p>Permission is hereby granted, free of charge, to any person obtaining a |
restriction, including without limitation the rights to use, copy, |
copy of this software and associated documentation files (the "Software"), |
modify, merge, publish, distribute, sublicense, and/or sell copies of |
to deal in the Software without restriction, including without limitation |
the Software, and to permit persons to whom the Software is furnished |
the rights to use, copy, modify, merge, publish, distribute, sublicense, |
to do so, subject to the following conditions:</font><br> |
and/or sell copies of the Software, and to permit persons to whom the |
<font size="2"><br> |
Software is furnished to do so, subject to the following conditions:</p> |
</font> |
<p>The above copyright notice and this permission notice shall be included |
<font size="1">THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE |
in all copies or substantial portions of the Software.</p> |
SHALL BE INCLUDED IN ALL COPIES OR SUBSTANTIAL PORTIONS OF THE |
<p>THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS |
SOFTWARE. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF |
OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE |
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. |
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND |
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY |
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE |
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, |
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION |
TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE |
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION |
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.</p> |
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.</font></i></p> |
|
<hr> | <hr> |
</body> | </body> |
</html> | </html> |
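Review bot: The footer rewrite drops the 2005 date and the named holders (EMC Corporation, Hewlett-Packard, IBM Corp., The Open Group, VERITAS Software) in favour of a pointer to OpenPegasusNOTICE.txt, which is unrelated to the cipher-suite documentation in the rest of this diff. Confirm that the NOTICE file lists those holders and mention the licence header change in the commit message so it is not read as part of the sslCipherSuite documentation update. The permission and warranty wording is otherwise carried over unchanged.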