Configuration Guide
Encrypted TCP Options


Reference


tls_certificate (context)

When TLS is enabled, this option specifies the path to a file containing an OpenSSL-compatible PEM-formatted certificate that will be presented as the TLS server certificate when a TLS connection is established by a client.
For more information, see Encrypted TCP.
Scope: context
Type: string
Default value: NULL
When to Set: Can only be set during object initialization.
Version: This option was implemented in UM 6.9


tls_certificate_key (context)

When TLS is enabled, this option specifies the path to a file containing the private key associated with the "server" certificate.
The server certificate is specified by the tls_certificate (context) option. Note that this private key must be protected from intruders. For that reason, when the certificate and private key files are generated, the private key file is typically encrypted with a passphrase. The passphrase is supplied using the tls_certificate_key_password (context) option.
For more information, see Encrypted TCP.
Scope: context
Type: string
Default value: NULL
When to Set: Can only be set during object initialization.
Version: This option was implemented in UM 6.9


tls_certificate_key_password (context)

When TLS is enabled, this option specifies the passphrase needed to decrypt the server private key file.
The private key file is specified by the tls_certificate_key (context) option.
For more information, see Encrypted TCP.
Scope: context
Type: string
Default value: NULL
When to Set: Can only be set during object initialization.
Version: This option was implemented in UM 6.9


tls_cipher_suites (context)

When TLS is enabled, this option defines the list of one or more (comma separated) names of cipher suites that will be accepted by this context.
See OpenSSL's Cipher Suite Names for the full list of suite names. When configuring UM, use the OpenSSL names (with dashes), not the IANA names (with underscores).
If more than one name is supplied, they should be in descending order of preference. When a remote context negotiates encrypted TCP, the two sides must find a cipher suite in common, otherwise the connection will be canceled.
The default cipher suite is highly secure and is recommended.
For more information, see Encrypted TCP.
Scope: context
Type: string
Default value: DHE-RSA-AES256-GCM-SHA384
When to Set: Can only be set during object initialization.
Version: This option was implemented in UM 6.9


tls_compression_negotiation_timeout (context)

The number of milliseconds allowed for TLS and/or compression handshake and negotiation.
This negotiation happens when the TCP connection is initiated. If the negotiation does not complete within this amount of time, the connection is canceled. Note that in many cases, this will result in a retry a short time later. If the timeout is caused by mismatched endpoints, it can result in unbounded flapping of the connection.
For more information, see Encrypted TCP and/or Compressed TCP.
Scope: context
Type: int
Units: milliseconds
Default value: 5000
When to Set: Can only be set during object initialization.
Version: This option was implemented in UM 6.9


tls_trusted_certificates (context)

When TLS is enabled, this option specifies the path to a file containing one or more OpenSSL-compatible PEM-formatted TLS client certificates and certificate authorities.
If this option is not supplied, the default behavior is to use the system-level trusted certificates and certificate authorities (operating-system dependent). The TLS server uses these trusted certificates to verify the identity of connecting clients. If a client connects and presents a certificate which is not in the server's trusted certificates file, the connection will be canceled. Note that in many cases, this will result in a retry a short time later, which can lead to unbounded flapping of the connection.
For more information, see Encrypted TCP.
Scope: context
Type: string
Default value: NULL
When to Set: Can only be set during object initialization.
Version: This option was implemented in UM 6.9


use_tls (context)

This option enables data encryption on all TCP links established within the context.
This includes but may not be limited to TCP transports, Late Join, and Request/Response.
For more information, see Encrypted TCP.
Scope: context
Type: int
Default value: 0
When to Set: Can only be set during object initialization.
Version: This option was implemented in UM 6.9

String value  Integer value  Description
"1"           1              All TCP data will be encrypted.
"0"           0              No encryption will be implemented. Default for all.
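The options above interact: use_tls requires a certificate and key, a passphrase-protected key requires tls_certificate_key_password, and tls_cipher_suites must use OpenSSL names rather than IANA names. The following pre-flight check is an added example, not UM product code or part of this guide; it assumes the flat configuration format of one "scope option value" per line, and the configuration text and PEM key header it reads are constructed samples.

```python
# Added example, not UM product code: cross-checks the Encrypted TCP options
# of one context. Assumes the flat config format "scope option value" per line.

# Constructed sample context configuration that enables TLS.
SAMPLE_CONFIG = """
context use_tls 1
context tls_certificate /etc/um/server.pem
context tls_certificate_key /etc/um/server.key
context tls_cipher_suites DHE_RSA_AES256_GCM_SHA384,DHE-RSA-AES256-GCM-SHA384
context tls_compression_negotiation_timeout 5000
"""

# Constructed sample: header of a passphrase-protected OpenSSL PEM key file.
SAMPLE_KEY_PEM = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF
"""

def parse_config(text):
    """Return {option: value} for the context-scope lines of a flat config."""
    opts = {}
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3 and parts[0] == "context":
            opts[parts[1]] = parts[2].strip()
    return opts

def key_is_encrypted(pem_text):
    """OpenSSL marks passphrase-protected keys with one of these headers."""
    return "Proc-Type: 4,ENCRYPTED" in pem_text or "BEGIN ENCRYPTED PRIVATE KEY" in pem_text

def lint_tls(opts, key_pem=None):
    """Return a list of findings; an empty list means the options are consistent."""
    findings = []
    if opts.get("use_tls", "0") != "1":
        return findings  # TLS disabled: the remaining tls_* options are inert
    for required in ("tls_certificate", "tls_certificate_key"):
        if required not in opts:
            findings.append(f"use_tls is 1 but {required} is not set")
    if (key_pem is not None and key_is_encrypted(key_pem)
            and "tls_certificate_key_password" not in opts):
        findings.append("key file is passphrase-protected but "
                        "tls_certificate_key_password is not set")
    for suite in opts.get("tls_cipher_suites", "").split(","):
        if "_" in suite:  # UM wants OpenSSL names (dashes), not IANA names (underscores)
            findings.append(f"cipher suite {suite!r} looks like an IANA name")
    timeout = opts.get("tls_compression_negotiation_timeout", "5000")
    if not timeout.isdigit() or int(timeout) <= 0:
        findings.append(f"negotiation timeout must be positive milliseconds, got {timeout!r}")
    return findings
```

Running lint_tls on the sample reports the missing passphrase option and the underscore-style cipher suite name; once both are corrected the list is empty.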