SSLTRUST (JANUS DEFINE parameter): Difference between revisions

From m204wiki
(Created page with "{{DISPLAYTITLE:SSLTRUST}} <span class="pageSubtitle">SSLTRUST — Trust communication partner certificate</span> ==Description== <var>SSLTRUST</var> is a parameter on the...")
 
m (remove displaytitle)
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
{{DISPLAYTITLE:SSLTRUST}}
<span class="pageSubtitle">SSLTRUST &mdash; Trust communication partner certificate</span>
<span class="pageSubtitle">SSLTRUST &mdash; Trust communication partner certificate</span>


==Description==
==Description==
<var>SSLTRUST</var> is a parameter on the <var>[[JANUS DEFINE]]</var> command, which indicates that a certificate from the other side of a TLS/SSL connection is not required to be signed by a certifying authority that has been added to the port by a [[JANUS ADDCA]] command. This parameter is available in Model 204 7.7 and later.
<var>SSLTRUST</var> is a parameter on the <var>[[JANUS DEFINE]]</var> command. It indicates that a certificate from the other side of a TLS/SSL connection is not required to be signed by a certifying authority that has been added to the port by a <var>[[JANUS ADDCA]]</var> command. This parameter is available in Model 204 7.7 and later.


Note that it is a bad idea to use this parameter in production systems or systems where security is important as it defeats one of the protections of TLS/SSL &ndash; the validation of the other side of a connection. It is probably an especially bad idea for server ports as it completely defeats the utility of client certificates for user validation &ndash; anyone can produce a certificate with any content if the certificate is not required to be signed by a known certifying authority.
<p class="note"><b>Note:</b> It is a bad idea to use this parameter in production systems or systems where security is important: it defeats one of the protections of TLS/SSL &mdash; the validation of the other side of a connection. It is probably an especially bad idea for server ports, as it completely defeats the utility of client certificates for user validation &mdash; anyone can produce a certificate with any content if the certificate is not required to be signed by a known certifying authority. </p>


The main purpose of <var>SSLTRUST</var> is simply experimentation. It might also be useful for problem diagnosis or perhaps bootstrapping a connection to a known server/client.
The main purpose of <var>SSLTRUST</var> is experimentation. It might also be useful for problem diagnosis or perhaps bootstrapping a connection to a known server/client.
 
[[Category:JANUS DEFINE parameters]]

Latest revision as of 00:01, 8 June 2016

SSLTRUST — Trust communication partner certificate

Description

SSLTRUST is a parameter on the JANUS DEFINE command. It indicates that a certificate from the other side of a TLS/SSL connection is not required to be signed by a certifying authority that has been added to the port by a JANUS ADDCA command. This parameter is available in Model 204 7.7 and later.

Note: It is a bad idea to use this parameter in production systems or systems where security is important: it defeats one of the protections of TLS/SSL — the validation of the other side of a connection. It is probably an especially bad idea for server ports, as it completely defeats the utility of client certificates for user validation — anyone can produce a certificate with any content if the certificate is not required to be signed by a known certifying authority.

The main purpose of SSLTRUST is experimentation. It might also be useful for problem diagnosis or perhaps bootstrapping a connection to a known server/client.
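
One way to check that an experimental SSLTRUST setting has not been left in a production command stream is to scan the port definitions for it. The script below is an added example, not part of the Model 204 documentation or product. The sample input is constructed: its port names, numbers, types and the SSL token are placeholders, and the trailing-hyphen continuation and leading `*` comment conventions are assumptions about how the commands are stored.

```python
# Constructed sample command stream (placeholders, not from the wiki page).
SAMPLE = """\
JANUS DEFINE WEBPROD 443 WEBSERV 20 SSL
JANUS ADDCA WEBPROD CORPROOT
JANUS DEFINE WEBTEST 8443 WEBSERV 5 SSL -
   SSLTRUST
* JANUS DEFINE OLDPORT 9443 WEBSERV 5 SSLTRUST
JANUS DEFINE OUTBOUND 9000 CLSOCK 4 SSL SSLTRUST
JANUS ADDCA OUTBOUND CORPROOT
"""

def logical_lines(text):
    """Join hyphen-continued lines and skip '*' comment lines (assumed conventions)."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not buf and line.startswith("*"):
            continue
        if line.endswith("-"):
            buf += line[:-1].rstrip() + " "
            continue
        yield (buf + line).strip()
        buf = ""
    if buf.strip():
        yield buf.strip()

def audit(text):
    """Return {port name: finding} for every port defined with SSLTRUST."""
    trusting, has_ca = [], set()
    for cmd in logical_lines(text):
        tokens = cmd.upper().split()
        if tokens[:2] == ["JANUS", "DEFINE"] and len(tokens) > 2:
            # Compare whole tokens so a name such as SSLTRUSTED is not flagged.
            if "SSLTRUST" in tokens[3:]:
                trusting.append(tokens[2])
        elif tokens[:2] == ["JANUS", "ADDCA"] and len(tokens) > 2:
            has_ca.add(tokens[2])
    findings = {}
    for port in trusting:
        # With SSLTRUST the peer certificate need not be signed by an added CA.
        findings[port] = ("SSLTRUST set; added CA not required for peer"
                          if port in has_ca else "SSLTRUST set; no CA added")
    return findings

if __name__ == "__main__":
    for port, finding in audit(SAMPLE).items():
        print(f"{port}: {finding}")
```

A port that has both a JANUS ADDCA entry and SSLTRUST is reported separately, because the presence of the CA can give the impression that peer certificates are being validated when they are not.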