File: ssl.6

Package: erlang-manpages 1:12.b.3-1 (area: main; suite: lenny)
.TH ssl 6 "ssl  3.9" "Ericsson AB" "ERLANG APPLICATION DEFINITION"
.SH APPLICATION
ssl \- The SSL Application
.SH DESCRIPTION
.LP
The Secure Socket Layer (SSL) application provides secure socket communication over TCP/IP\&. 

.SH WARNING
.LP
In previous versions of Erlang/OTP SSL it was advised, as a work-around, to set the operating system environment variable \fISSL_CERT_FILE\fR to point at a file containing CA certificates\&. That variable is no longer needed, and is not recognised by Erlang/OTP SSL any more\&. 
.LP
However, the OpenSSL package does interpret that environment variable\&. Hence a setting of that variable might have unpredictable effects on the Erlang/OTP SSL application\&. It is therefore advised not to use that environment variable at all\&.
.SH ENVIRONMENT
.LP
The following application environment configuration parameters are defined for the SSL application\&. Refer to application(3) for more information about configuration parameters\&. 
.LP
Note that the environment parameters can be set on the command line, for instance,
.LP
\fIerl \&.\&.\&. -ssl protocol_version \&'[sslv2, sslv3]\&' \&.\&.\&.\fR\&. 
.RS 2
.TP 4
.B
\fIephemeral_rsa = true | false <optional>\fR:
Enables all SSL servers (those that listen and accept) to use ephemeral RSA key generation when clients connect with weak handshake cipher specifications that need equally weak ciphers from the server (i\&.e\&. obsolete restrictions on export ciphers)\&. Default is \fIfalse\fR\&. 
.TP 4
.B
\fIdebug = true | false <optional>\fR:
Causes debug information to be written to standard output\&. Default is \fIfalse\fR\&. 
.TP 4
.B
\fIdebugdir = path() | false <optional>\fR:
Causes debug information output controlled by \fIdebug\fR and \fImsgdebug\fR to be printed to a file named \fIssl_esock\&.<pid>\&.log\fR in the directory specified by \fIdebugdir\fR, where \fI<pid>\fR is the operating system specific textual representation of the process identifier of the external port program of the SSL application\&. Default is \fIfalse\fR, i\&.e\&. no log file is produced\&. 
.TP 4
.B
\fImsgdebug = true | false <optional>\fR:
Sets \fIdebug = true\fR and also causes the contents of low level messages to be printed to standard output\&. Default is \fIfalse\fR\&. 
.TP 4
.B
\fIport_program = string() | false <optional>\fR:
Name of port program\&. The default is \fIssl_esock\fR\&. 
.TP 4
.B
\fIprotocol_version = [sslv2|sslv3|tlsv1] <optional>\fR:
Names of the protocols to use\&. If this option is not set, all protocols are assumed, i\&.e\&. the default value is \fI[sslv2, sslv3, tlsv1]\fR\&. 
.TP 4
.B
\fIproxylsport = integer() | false <optional>\fR:
Define the port number of the listen port of the SSL port program\&. This option is almost never needed\&. 
.TP 4
.B
\fIproxylsbacklog = integer() | false <optional>\fR:
Set the listen queue size of the listen port of the SSL port program\&. The default is 128\&. 
.RE
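.LP
An added example, not part of the original manual page: a POSIX shell pre-launch check for the settings described above and in the WARNING section (\fISSL_CERT_FILE\fR being set, \fIprotocol_version\fR left at its default or including sslv2/sslv3, and \fIephemeral_rsa\fR, \fIdebug\fR or \fImsgdebug\fR set to true)\&. The function name \fIaudit_ssl_args\fR and the sample command lines are constructed for illustration\&.

```shell
#!/bin/sh
# Added example: audit the environment and "erl ... -ssl Par Val" arguments
# for the settings described in this man page. One finding per output line;
# returns 0 when nothing is flagged, 1 otherwise.
audit_ssl_args() {
    findings=""
    proto_seen=no
    nl=$(printf '\nx'); nl=${nl%x}   # a literal newline
    # OpenSSL still interprets SSL_CERT_FILE, so its mere presence is flagged.
    if [ -n "${SSL_CERT_FILE+set}" ]; then
        findings="${findings}SSL_CERT_FILE is set${nl}"
    fi
    while [ $# -gt 0 ]; do
        # Assumption: each parameter is passed as its own "-ssl Par Val" triple.
        if [ "$1" = "-ssl" ] && [ $# -ge 3 ]; then
            par=$2
            val=$3
            shift 3
            case "$par" in
                protocol_version)
                    proto_seen=yes
                    case "$val" in
                        *sslv2*|*sslv3*)
                            findings="${findings}protocol_version ${val} includes sslv2 or sslv3${nl}" ;;
                    esac ;;
                ephemeral_rsa|debug|msgdebug)
                    if [ "$val" = "true" ]; then
                        findings="${findings}${par} is true${nl}"
                    fi ;;
            esac
        else
            shift
        fi
    done
    # Without the option, the documented default is [sslv2, sslv3, tlsv1].
    if [ "$proto_seen" = no ]; then
        findings="${findings}protocol_version not set (default allows sslv2 and sslv3)${nl}"
    fi
    printf '%s' "$findings"
    [ -z "$findings" ]
}

# Constructed sample command lines: the man page's own example, then a stricter one.
audit_ssl_args -ssl protocol_version '[sslv2, sslv3]' -ssl msgdebug true || echo "-> flagged"
audit_ssl_args -ssl protocol_version '[tlsv1]' && echo "-> clean"
```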
.SH OPENSSL LIBRARIES
.LP
The current implementation of the Erlang SSL application is based on the \fIOpenSSL\fR package version 0\&.9\&.7 or higher\&. There are source and binary releases on the web\&. 
.LP
Source releases of OpenSSL can be downloaded from the OpenSSL <http://www\&.openssl\&.org> project home page, or mirror sites listed there\&. 
.LP
The same URL also contains links to some compiled binaries and libraries of OpenSSL (see the \fIRelated/Binaries\fR menu) of which the Shining Light Productions Win32 and OpenSSL <http://www\&.shininglightpro\&.com/search\&.php?searchname=Win32+OpenSSL> pages are of interest for the Win32 user\&. 
.LP
For some Unix flavours there are binary packages available on the net\&. 
.LP
If you cannot find a suitable binary OpenSSL package, you have to fetch an OpenSSL source release and compile it\&. 
.LP
You then have to compile and install the libraries \fIlibcrypto\&.so\fR and \fIlibssl\&.so\fR (Unix), or the libraries \fIlibeay32\&.dll\fR and \fIssleay32\&.dll\fR (Win32)\&. 
.LP
For Unix, the \fIssl_esock\fR port program is delivered linked to OpenSSL libraries in \fI/usr/local/lib\fR, but the default dynamic linking will also accept libraries in \fI/lib\fR and \fI/usr/lib\fR\&. 
.LP
If that is not applicable to the particular Unix operating system used, the example \fIMakefile\fR in the SSL \fIpriv/obj\fR directory should be used as a guide to relinking the final version of the port program\&. 
.LP
For \fIWin32\fR it is only required that the libraries can be found from the \fIPATH\fR environment variable, or that they reside in the appropriate \fISYSTEM32\fR directory; hence no particular relinking is needed, and no example \fIMakefile\fR for Win32 is provided\&.
.SH RESTRICTIONS
.LP
Users must be aware of export restrictions and patent rights concerning cryptographic software\&. 
.SH SEE ALSO
.LP
application(3)