IceSSL Properties

IceSSL.Trace.Security

Synopsis

IceSSL.Trace.Security=num

Description

The SSL plug-in trace level:

0: No security trace. (default)
1: Trace security warnings (C++), and display the list of selected ciphersuites (Java).
2: Like 1, but more verbose, including warnings during configuration file parsing (C++).

IceSSL.Client.CertPath, IceSSL.Server.CertPath

Synopsis

IceSSL.Client.CertPath=path
IceSSL.Server.CertPath=path

Description

Defines the path (relative or absolute) where the SSL plug-in can find PEM format certificate files (RSA and DSA) and Diffie-Hellman group parameter files. (C++ only)

If IceSSL.Client.Config or IceSSL.Server.Config specifies a relative path, that path is relative to the value of IceSSL.Client.CertPath or IceSSL.Server.CertPath, respectively.

If not specified, the application uses the current working directory as the certificate path.

IceSSL.Client.Config, IceSSL.Server.Config

Synopsis

IceSSL.Client.Config=config_file
IceSSL.Server.Config=config_file

Description

Defines the XML-based configuration file from which the SSL plug-in loads initialization information and certificates. (C++ only)

If the property specifies a relative path, the path is interpreted relative to the certificate path defined by IceSSL.Client.CertPath and IceSSL.Server.CertPath, respectively.

The XML parser looks for the DTD file in the same directory in which it finds the XML configuration file.

Depending on whether the application is running in client mode, server mode or both modes, a valid value for one or both of these parameters must be specified for the proper operation of the IceSSL plug-in.

IceSSL.Client.Passphrase.Retries, IceSSL.Server.Passphrase.Retries

Synopsis

IceSSL.Client.Passphrase.Retries=num
IceSSL.Server.Passphrase.Retries=num

Description

When IceSSL is directed to use a private key in an encrypted PEM file, it displays the prompt "Enter PEM pass phrase:". If the passphrase is entered incorrectly, these properties determine how many retries the user is allowed before IceSSL shuts down. (C++ only)

If not specified, the default value for these properties is 5 retries.

IceSSL.Server.Overrides.RSA.PrivateKey, IceSSL.Server.Overrides.RSA.Certificate

Synopsis

IceSSL.Server.Overrides.RSA.PrivateKey=Base64 encoded DER string
IceSSL.Server.Overrides.RSA.Certificate=Base64 encoded DER string

Description

These properties override the RSA private key and public key (certificate) specified in the config file (IceSSL.Server.Config) for the Server context. The value must be the DER representation of the private and public keys, base64 encoded. (C++ only)

There are no default values for these properties.

IceSSL.Server.Overrides.DSA.PrivateKey, IceSSL.Server.Overrides.DSA.Certificate

Synopsis

IceSSL.Server.Overrides.DSA.PrivateKey=Base64 encoded DER string
IceSSL.Server.Overrides.DSA.Certificate=Base64 encoded DER string

Description

These properties override the DSA private key and public key (certificate) specified in the config file (IceSSL.Server.Config) for the Server context. The value must be the DER representation of the private and public keys, base64 encoded. (C++ only)

There are no default values for these properties.

IceSSL.Client.Overrides.RSA.PrivateKey, IceSSL.Client.Overrides.RSA.Certificate

Synopsis

IceSSL.Client.Overrides.RSA.PrivateKey=Base64 encoded DER string
IceSSL.Client.Overrides.RSA.Certificate=Base64 encoded DER string

Description

These properties override the RSA private key and public key (certificate) specified in the config file (IceSSL.Client.Config) for the Client context. The value must be the DER representation of the private and public keys, base64 encoded. (C++ only)

There are no default values for these properties.

IceSSL.Client.Overrides.DSA.PrivateKey, IceSSL.Client.Overrides.DSA.Certificate

Synopsis

IceSSL.Client.Overrides.DSA.PrivateKey=Base64 encoded DER string
IceSSL.Client.Overrides.DSA.Certificate=Base64 encoded DER string

Description

These properties override the DSA private key and public key (certificate) specified in the config file (IceSSL.Client.Config) for the Client context. The value must be the DER representation of the private and public keys, base64 encoded. (C++ only)

There are no default values for these properties.

IceSSL.Client.Overrides.CACertificate, IceSSL.Server.Overrides.CACertificate

Synopsis

IceSSL.Client.Overrides.CACertificate=Base64 encoded DER string
IceSSL.Server.Overrides.CACertificate=Base64 encoded DER string

Description

These properties override any trusted Certificate Authority (CA) certificates specified in IceSSL.Server.Config or IceSSL.Client.Config. The new certificate is represented as the base64 encoding of the DER binary representation of the certificate. (C++ only)

There are no default values for these properties.

IceSSL.Client.IgnoreValidPeriod, IceSSL.Server.IgnoreValidPeriod

Synopsis

IceSSL.Client.IgnoreValidPeriod=num
IceSSL.Server.IgnoreValidPeriod=num

Description

If set to 1, these properties cause the default certificate verifier to ignore the certificate validity period on peer certificates. The default value for these properties is 0, meaning that the certificate validity period is not ignored. (C++ only)

IceSSL.Client.Certs, IceSSL.Server.Certs

Synopsis

IceSSL.Client.Certs=keystore
IceSSL.Server.Certs=keystore

Description

Defines the filename of a Java keystore containing trusted certificates. If keystore is a relative pathname, it is relative to the program's current working directory.

If a password is provided in IceSSL.Client.CertsPassword or IceSSL.Server.CertsPassword, it is used to verify the integrity of the keystore.

If not specified, the plug-in uses an empty keystore.

IceSSL.Client.CertsPassword, IceSSL.Server.CertsPassword

Synopsis

IceSSL.Client.CertsPassword=password
IceSSL.Server.CertsPassword=password

Description

Defines the password used to verify the integrity of the Java keystore provided by IceSSL.Client.Certs or IceSSL.Server.Certs.

If not specified, the plug-in does not verify the keystore's integrity.

IceSSL.Client.Ciphers, IceSSL.Server.Ciphers

Synopsis

IceSSL.Client.Ciphers=cipher-list
IceSSL.Server.Ciphers=cipher-list

Description

Defines the ciphersuites enabled by the Java plug-in.

The property value is interpreted as a list of tokens delimited by whitespace. The plug-in executes the tokens in the order of appearance in order to assemble the list of enabled ciphersuites. The table below describes the tokens:

NONE: Disables all ciphersuites. If specified, it must be the first token in the list.
ALL: Enables all supported ciphersuites. If specified, it must be the first token in the list. This token should be used with caution, as it may enable low-security ciphersuites.
NAME: Enables the ciphersuite matching the given name.
!NAME: Disables the ciphersuite matching the given name.
(EXP): Enables ciphersuites whose names contain the regular expression EXP.
!(EXP): Disables ciphersuites whose names contain the regular expression EXP.

If not specified, the plug-in uses the security provider's default ciphersuites.
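
The token evaluation described above, modelled as an added Python example (not IceSSL's own code) that can be used to audit a cipher-list value before deployment. The suite names, the DEFAULTS starting set used when the list does not begin with NONE or ALL, the rejection of unknown names and the WEAK pattern are assumptions of the example; Python's re.search stands in for the plug-in's regular-expression matching.

```python
import re

# Constructed sample of suite names a provider might report as supported.
SUPPORTED = [
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
    "SSL_RSA_WITH_RC4_128_MD5",
    "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
    "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
    "SSL_RSA_WITH_NULL_MD5",
]
# Assumption: a list that does not start with NONE or ALL begins from the
# provider's defaults (constructed here as the first three suites).
DEFAULTS = SUPPORTED[:3]
# Name fragments this audit treats as low-security (an assumption).
WEAK = re.compile(r"NULL|EXPORT|anon|RC4|MD5")


def evaluate(cipher_list, supported=SUPPORTED, defaults=DEFAULTS):
    """Apply the tokens in order of appearance; return the enabled suites."""
    enabled = list(defaults)
    for index, token in enumerate(cipher_list.split()):
        if token in ("NONE", "ALL"):
            if index != 0:
                raise ValueError(token + " must be the first token")
            enabled = list(supported) if token == "ALL" else []
            continue
        disable = token.startswith("!")
        body = token[1:] if disable else token
        if body.startswith("(") and body.endswith(")"):
            # (EXP): every supported suite whose name contains a match.
            pattern = re.compile(body[1:-1])
            matches = [s for s in supported if pattern.search(s)]
        elif body in supported:
            matches = [body]
        else:
            # Assumption: a name the provider does not support is an error.
            raise ValueError("unknown ciphersuite: " + body)
        if disable:
            enabled = [s for s in enabled if s not in matches]
        else:
            enabled += [s for s in matches if s not in enabled]
    return enabled


def weak_suites(cipher_list):
    """Suites that cipher_list leaves enabled and that match WEAK."""
    return [s for s in evaluate(cipher_list) if WEAK.search(s)]
```

Because tokens are applied in order, "NONE (RC4) !(RC4)" enables nothing, while "NONE !(RC4) (RC4)" leaves both RC4 suites enabled.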

IceSSL.Client.Keystore, IceSSL.Server.Keystore

Synopsis

IceSSL.Client.Keystore=keystore
IceSSL.Server.Keystore=keystore

Description

Defines the filename of a Java keystore containing the private key(s) and corresponding certificate(s). If keystore is a relative pathname, it is relative to the program's current working directory.

A password for the private key is defined by IceSSL.Client.Password or IceSSL.Server.Password. A password used to verify the integrity of the keystore is defined by IceSSL.Client.KeystorePassword or IceSSL.Server.KeystorePassword.

If not specified, the plug-in uses an empty keystore.

IceSSL.Client.KeystorePassword, IceSSL.Server.KeystorePassword

Synopsis

IceSSL.Client.KeystorePassword=password
IceSSL.Server.KeystorePassword=password

Description

Defines the password used to verify the integrity of the Java keystore provided by IceSSL.Client.Keystore or IceSSL.Server.Keystore.

If not specified, the plug-in does not verify the keystore's integrity.

IceSSL.Client.Password, IceSSL.Server.Password

Synopsis

IceSSL.Client.Password=password
IceSSL.Server.Password=password

Description

Defines the password of the private key in the Java keystore specified by IceSSL.Client.Keystore or IceSSL.Server.Keystore.

Note

All of the keys in the keystore must use the same password.

If not specified, the plug-in uses an empty string.

IceSSL.Server.ClientAuth

Synopsis

IceSSL.Server.ClientAuth=num

Description

Defines how a Java server authenticates a client:

0: No certificate is requested from the client. (default)
1: A certificate is requested but is not required.
2: A certificate is required.