<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> <!--Converted with LaTeX2HTML 2008 (1.71) original version by: Nikos Drakos, CBLU, University of Leeds * revised and updated by: Marcus Hennecke, Ross Moore, Herb Swan * with significant contributions from: Jens Lippmann, Marek Rouchal, Martin Wilck and others --> <HTML> <HEAD> <TITLE>New Configuration Directives</TITLE> <META NAME="description" CONTENT="New Configuration Directives"> <META NAME="keywords" CONTENT="developers"> <META NAME="resource-type" CONTENT="document"> <META NAME="distribution" CONTENT="global"> <META NAME="Generator" CONTENT="LaTeX2HTML v2008"> <META HTTP-EQUIV="Content-Style-Type" CONTENT="text/css"> <LINK REL="STYLESHEET" HREF="developers.css"> <LINK REL="next" HREF="TLS_API_Implementation.html"> <LINK REL="previous" HREF="Introduction_TLS.html"> <LINK REL="up" HREF="TLS.html"> <LINK REL="next" HREF="TLS_API_Implementation.html"> </HEAD> <BODY > <!--Navigation Panel--> <A NAME="tex2html1372" HREF="TLS_API_Implementation.html"> <IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A> <A NAME="tex2html1366" HREF="TLS.html"> <IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A> <A NAME="tex2html1360" HREF="Introduction_TLS.html"> <IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A> <A NAME="tex2html1368" HREF="Contents.html"> <IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A> <A NAME="tex2html1370" HREF="GNU_Free_Documentation_Lice.html"> <IMG WIDTH="43" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="index" SRC="index.png"></A> <BR> <B> Next:</B> <A NAME="tex2html1373" HREF="TLS_API_Implementation.html">TLS API Implementation</A> <B> Up:</B> <A NAME="tex2html1367" HREF="TLS.html">TLS</A> <B> Previous:</B> <A NAME="tex2html1361" HREF="Introduction_TLS.html">Introduction to TLS</A> <B> <A NAME="tex2html1369" HREF="Contents.html">Contents</A></B> <B> <A NAME="tex2html1371" HREF="GNU_Free_Documentation_Lice.html">Index</A></B> <BR> <BR> <!--End of Navigation Panel--> <H1><A NAME="SECTION001420000000000000000"></A> <A NAME="4700"></A> <A NAME="4701"></A> <BR> New Configuration Directives </H1> <P> Additional configuration directives have been added to both the Console and Director resources. These new directives are defined as follows: <P> <UL> <LI><U>TLS Enable</U> <I>(yes/no)</I> Enable TLS support. <P> </LI> <LI><U>TLS Require</U> <I>(yes/no)</I> Require TLS connections. <P> </LI> <LI><U>TLS Certificate</U> <I>(path)</I> Path to PEM encoded TLS certificate. Used as either a client or server certificate. <P> </LI> <LI><U>TLS Key</U> <I>(path)</I> Path to PEM encoded TLS private key. Must correspond with the TLS certificate. <P> </LI> <LI><U>TLS Verify Peer</U> <I>(yes/no)</I> Verify peer certificate. Instructs server to request and verify the client's x509 certificate. Any client certificate signed by a known-CA will be accepted unless the TLS Allowed CN configuration directive is used. Not valid in a client context. <P> </LI> <LI><U>TLS Allowed CN</U> <I>(string list)</I> Common name attribute of allowed peer certificates. If directive is specified, all client certificates will be verified against this list. This directive may be specified more than once. Not valid in a client context. <P> </LI> <LI><U>TLS CA Certificate File</U> <I>(path)</I> Path to PEM encoded TLS CA certificate(s). Multiple certificates are permitted in the file. One of <I>TLS CA Certificate File</I> or <I>TLS CA Certificate Dir</I> are required in a server context if <U>TLS Verify Peer</U> is also specified, and are always required in a client context. <P> </LI> <LI><U>TLS CA Certificate Dir</U> <I>(path)</I> Path to TLS CA certificate directory. In the current implementation, certificates must be stored PEM encoded with OpenSSL-compatible hashes. One of <I>TLS CA Certificate File</I> or <I>TLS CA Certificate Dir</I> are required in a server context if <I>TLS Verify Peer</I> is also specified, and are always required in a client context. <P> </LI> <LI><U>TLS DH File</U> <I>(path)</I> Path to PEM encoded Diffie-Hellman parameter file. If this directive is specified, DH ephemeral keying will be enabled, allowing for forward secrecy of communications. This directive is only valid within a server context. To generate the parameter file, you may use openssl: <PRE> openssl dhparam -out dh1024.pem -5 1024 </PRE> </LI> </UL> <P> <HR> <!--Navigation Panel--> <A NAME="tex2html1372" HREF="TLS_API_Implementation.html"> <IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A> <A NAME="tex2html1366" HREF="TLS.html"> <IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A> <A NAME="tex2html1360" HREF="Introduction_TLS.html"> <IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A> <A NAME="tex2html1368" HREF="Contents.html"> <IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A> <A NAME="tex2html1370" HREF="GNU_Free_Documentation_Lice.html"> <IMG WIDTH="43" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="index" SRC="index.png"></A> <BR> <B> Next:</B> <A NAME="tex2html1373" HREF="TLS_API_Implementation.html">TLS API Implementation</A> <B> Up:</B> <A NAME="tex2html1367" HREF="TLS.html">TLS</A> <B> Previous:</B> <A NAME="tex2html1361" HREF="Introduction_TLS.html">Introduction to TLS</A> <B> <A NAME="tex2html1369" HREF="Contents.html">Contents</A></B> <B> <A NAME="tex2html1371" HREF="GNU_Free_Documentation_Lice.html">Index</A></B> <!--End of Navigation Panel--> <ADDRESS> 2012-01-24 </ADDRESS> </BODY> </HTML>
