# couriertls uses the following variables to initialize SSL/TLS:
#
# WARNING: Peer certificate verification has NOT yet been tested. Proceed
# at your own risk. Only the basic SSL/TLS functionality is known to be
# working. Keep this in mind as you play with the following variables.
#
# TLS_PROTOCOL sets the protocol version. The possible versions are:
#
# SSL2 - SSLv2
# SSL3 - SSLv3
# TLS1 - TLS1
TLS_PROTOCOL=TLS1
# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the
# OpenSSL library. In most situations you can leave TLS_CIPHER_LIST
# undefined
#
# TLS_CIPHER_LIST="ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH"
# TLS_TIMEOUT is currently not implemented, and reserved for future use.
# This is supposed to be an inactivity timeout, but it's not yet implemented.
# TLS_DHCERTFILE - PEM file that stores our Diffie-Hellman cipher pair.
# When OpenSSL is compiled to use Diffie-Hellman ciphers instead of RSA
# you must generate a DH pair that will be used. In most situations the
# DH pair is to be treated as confidential, and the file specified by
# TLS_DHCERTFILE must not be world-readable.
#
# TLS_DHCERTFILE=
# TLS_CERTFILE - certificate to use. TLS_CERTFILE is required for SSL/TLS
# servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually
# treated as confidential, and must not be world-readable.
#
# TLS_CERTFILE=
# TLS_PEERCERTDIR, TLS_OURCACERT - when it is required that all peer
# certificates are signed by a specific certificate authority, set
# TLS_OURCACERT to the name of the file containing the certificate authority
# root key, and set TLS_PEERCERTDIR to the name of the directory containing
# the allowed certificates.
#
# TLS_PEERCERTDIR=
# TLS_OURCACERT=
#
# TLS_VERIFYPEER - how to verify peer certificates. The possible values of
# this setting are:
#
# NONE - do not verify anything
#
# PEER - verify the peer certificate, if one's presented
#
# REQUIREPEER - require a peer certificate, fail if one's not presented
#
# SSL/TLS servers will usually set TLS_VERIFYPEER to NONE. SSL/TLS clients
# will usually set TLS_VERIFYPEER to REQUIREPEER.
#
# TLS_VERIFYPEER=PEER
# TLS_ALLOWSELFSIGNEDCERT - this is an alternative to clients using
# TLS_VERIFYPEER=NONE. TLS_ALLOWSELFSIGNEDCERT ignores the fact that a server
# certificate is not signed by a recognized certificate authority. This allows
# clients to simply verify that a server certificate is available.
#
# TLS_ALLOWSELFSIGNEDCERT=1
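The comments above state two operational requirements that are easy to get wrong: the files named by TLS_CERTFILE and TLS_DHCERTFILE must not be world-readable, and TLS_ALLOWSELFSIGNEDCERT=1 turns PEER/REQUIREPEER into a mere presence check. The script below is an added example (not part of Courier or couriertls) that audits a couriertls-style config for both; it assumes GNU stat and a constructed config path.

```shell
#!/bin/sh
# Added example, not Courier's own code: audit a couriertls-style config for
# the files the comments say must not be world-readable (TLS_CERTFILE,
# TLS_DHCERTFILE) and report what TLS_VERIFYPEER enforces once
# TLS_ALLOWSELFSIGNEDCERT is taken into account. GNU stat is assumed.

# Print the value of KEY from a KEY=value line; commented lines are ignored,
# surrounding double quotes are stripped, and the last assignment wins.
cfg_get() {
    sed -n "s/^[[:space:]]*$2=\(.*\)\$/\1/p" "$1" | sed 's/^"\(.*\)"$/\1/' | tail -n 1
}

# Succeed only if the file exists and its "other" read bit is clear.
not_world_readable() {
    [ -f "$1" ] || return 1
    mode=$(stat -c '%a' "$1")               # octal mode such as 644 or 600
    other=$(printf '%s' "$mode" | tail -c 1) # last digit = "other" permissions
    [ $((other & 4)) -eq 0 ]                 # bit 4 = read
}

# Check every confidential file named in the config; non-zero if any is exposed.
audit_couriertls_cfg() {
    rc=0
    for key in TLS_CERTFILE TLS_DHCERTFILE; do
        f=$(cfg_get "$1" "$key")
        [ -n "$f" ] || continue              # commented out or unset: nothing to check
        if not_world_readable "$f"; then
            echo "OK   $key=$f"
        else
            echo "FAIL $key=$f is missing or world-readable"
            rc=1
        fi
    done
    return $rc
}

# Describe the peer verification the config enforces. Per the comments above,
# TLS_ALLOWSELFSIGNEDCERT=1 reduces PEER/REQUIREPEER to a presence check.
effective_verify() {
    mode=$(cfg_get "$1" TLS_VERIFYPEER)
    if [ "$(cfg_get "$1" TLS_ALLOWSELFSIGNEDCERT)" = 1 ] && [ -n "$mode" ] && [ "$mode" != NONE ]; then
        echo presence-only
    else
        echo "${mode:-unset}"
    fi
}

# Usage (constructed path): audit_couriertls_cfg /etc/courier/esmtpd-ssl
```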