Ice Reference Documentation | ||
---|---|---|
<<< Previous | Properties | Next >>> |
IceSSL.Client.CertPath=path IceSSL.Server.CertPath=path |
Defines the path (relative or absolute) where the SSL plug-in can find PEM format certificate files (RSA and DSA) and Diffie-Hellman group parameter files. (C++ only)
If IceSSL.Client.Config or IceSSL.Server.Config specify a relative path, that path is relative to the value of IceSSL.Client.CertPath and IceSSL.Server.CertPath, respectively.
If not specified, the application uses the current working directory as the certificate path.
IceSSL.Client.Config=config_file IceSSL.Server.Config=config_file |
Defines the XML-based configuration file from which the SSL plug-in loads initialization information and certificates. (C++ only)
If the property specifies a relative path, the path is interpreted relative to the certificate path defined by IceSSL.Client.CertPath and IceSSL.Server.CertPath, respectively.
The XML parser looks for the DTD file in the same directory in which it finds the XML configuration file.
Depending on whether the application is running in client mode, server mode or both modes, a valid value for one or both of these parameters must be specified for the proper operation of the IceSSL plug-in.
IceSSL.Client.Passphrase.Retries=num IceSSL.Server.Passphrase.Retries=num |
When IceSSL is directed to use a private key in a PEM file that has been encrypted, a prompt is displayed Enter PEM pass phrase:. If the passphrase is entered incorrectly, these properties determine how many retries the user is allowed before IceSSL shuts down. (C++ only)
If not specified, the default value for these properties is 5 retries.
IceSSL.Server.Overrides.RSA.PrivateKey=Base64 encoded DER string IceSSL.Server.Overrides.RSA.Certificate=Base64 encoded DER string |
These properties override the RSA private key and public key (certificate) specified in the config file (IceSSL.Server.Config) for the Server context. The value must be the DER representation of the private and public keys, base64 encoded. (C++ only)
There are no default values for these properties.
IceSSL.Server.Overrides.DSA.PrivateKey=Base64 encoded DER string IceSSL.Server.Overrides.DSA.Certificate=Base64 encoded DER string |
These properties override the DSA private key and public key (certificate) specified in the config file (IceSSL.Server.Config) for the Server context. The value must be the DER representation of the private and public keys, base64 encoded. (C++ only)
There are no default values for these properties.
IceSSL.Client.Overrides.RSA.PrivateKey=Base64 encoded DER string IceSSL.Client.Overrides.RSA.Certificate=Base64 encoded DER string |
These properties override the RSA private key and public key (certificate) specified in the config file (IceSSL.Client.Config) for the Client context. The value must be the DER representation of the private and public keys, base64 encoded. (C++ only)
There are no default values for these properties.
IceSSL.Client.Overrides.DSA.PrivateKey=Base64 encoded DER string IceSSL.Client.Overrides.DSA.Certificate=Base64 encoded DER string |
These properties override the DSA private key and public key (certificate) specified in the config file (IceSSL.Client.Config) for the Client context. The value must be the DER representation of the private and public keys, base64 encoded. (C++ only)
There are no default values for these properties.
IceSSL.Client.Overrides.CACertificate=Base64 encoded DER string IceSSL.Server.Overrides.CACertificate=Base64 encoded DER string |
These properties override any trusted Certificate Authority (CA) certificates specified in IceSSL.Server.Config or IceSSL.Client.Config. The new certificate is represented as the base64 encoding of the DER binary representation of the certificate. (C++ only)
There are no default values for these properties.
IceSSL.Client.IgnoreValidPeriod=num IceSSL.Server.IgnoreValidPeriod=num |
If set to 1, these properties cause the default certificate verifier to ignore the certificate validity period on peer certificates. The default value for these properties is 0, meaning that the certificate validity period is not ignored. (C++ only)
IceSSL.Client.Certs=keystore IceSSL.Server.Certs=keystore |
Defines the filename of a Java keystore containing trusted certificates. If keystore is a relative pathname, it is relative to the program's current working directory.
If a password is provided in IceSSL.Client.CertsPassword or IceSSL.Server.CertsPassword, it is used to verify the integrity of the keystore.
If not specified, the plug-in uses an empty keystore.
IceSSL.Client.CertsPassword=password IceSSL.Server.CertsPassword=password |
Defines the password used to verify the integrity of the Java keystore provided by IceSSL.Client.Certs or IceSSL.Server.Certs.
If not specified, the plug-in does not verify the keystore's integrity.
IceSSL.Client.Ciphers=cipher-list IceSSL.Server.Ciphers=cipher-list |
Defines the ciphersuites enabled by the Java plug-in.
The property value is interpreted as a list of tokens delimited by whitespace. The plug-in executes the tokens in the order of appearance in order to assemble the list of enabled ciphersuites. The table below describes the tokens:
NONE | Disables all ciphersuites. If specified, it must be the first token in the list. |
ALL | Enables all supported ciphersuites. If specified, it must be the first token in the list. This token should be used with caution, as it may enable low-security ciphersuites. |
NAME | Enables the ciphersuite matching the given name. |
!NAME | Disables the ciphersuite matching the given name. |
(EXP) | Enables ciphersuites whose names contain the regular expression EXP. |
!(EXP) | Disables ciphersuites whose names contain the regular expression EXP. |
If not specified, the plug-in uses the security provider's default ciphersuites.
IceSSL.Client.Keystore=keystore IceSSL.Server.Keystore=keystore |
Defines the filename of a Java keystore containing the private key(s) and corresponding certificate(s). If keystore is a relative pathname, it is relative to the program's current working directory.
A password for the private key is defined by IceSSL.Client.Password or IceSSL.Server.Password. A password used to verify the integrity of the keystore is defined by IceSSL.Client.KeystorePassword or IceSSL.Server.KeystorePassword.
If not specified, the plug-in uses an empty keystore.
IceSSL.Client.KeystorePassword=password IceSSL.Server.KeystorePassword=password |
Defines the password used to verify the integrity of the Java keystore provided by IceSSL.Client.Keystore or IceSSL.Server.Keystore.
If not specified, the plug-in does not verify the keystore's integrity.
IceSSL.Client.Password=password IceSSL.Server.Password=password |
Defines the password of the private key in the Java keystore specified by IceSSL.Client.Keystore or IceSSL.Server.Keystore.
![]() | All of the keys in the keystore must use the same password. |
If not specified, the plug-in uses an empty string.
IceSSL.Server.ClientAuth=num |
Defines how a Java server authenticates a client:
<<< Previous | Home | Next >>> |
Ice Miscellaneous Properties | Up | IceBox Properties |