SSLPROT (JANUS DEFINE parameter): Difference between revisions
(8 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
<span class="pageSubtitle">SSLPROT xxx — Degree of SSL-like encryption</span> | <span class="pageSubtitle">SSLPROT xxx — Degree of SSL-like encryption</span> | ||
<var>SSLPROT</var> is a parameter on <var>[[JANUS DEFINE]]</var>, which defines and sets characteristics of a Janus port. | ==Description== | ||
<var>SSLPROT</var> is a parameter on the <var>[[JANUS DEFINE]]</var> command, which defines and sets characteristics of a Janus port. | |||
This parameter lets you specify the degree of SSL-like encryption available at this port. <var class="product">[ | This parameter lets you specify the degree of SSL-like encryption available at this port. <var class="product">[[Janus Network Security|Rocket M204 Janus Network Security]]</var> supports the Secure Socket Layer (SSL) protocol as well as the Transport Layer Security (TLS) protocol, an extension to SSL V3 but developed by the IETF Internet standards group. For the versions and levels of these protocols that are supported, see the parameter table below. | ||
During the negotiation for a connection to or from this port, Janus will offer the most secure protocol available, then, if necessary, will fall back to the next lower one available, and so on. The <var>SSLPROT</var> parameter lets you explicitly disallow one or more protocols from the negotiation. | During the negotiation for a connection to or from this port, Janus will offer the most secure protocol available, then, if necessary, will fall back to the next lower one available, and so on. The <var>SSLPROT</var> parameter lets you explicitly disallow one or more protocols from the negotiation. | ||
Line 10: | Line 10: | ||
<var>SSLPROT</var> is a bitmask parameter whose main values are: | <var>SSLPROT</var> is a bitmask parameter whose main values are: | ||
<table class=" | <table class="thJustBold"> | ||
<tr class="head"><th>Bit</th><th>Description</th></tr> | |||
<tr><th>X'01'</th> | <tr><th>X'01'</th> | ||
<td>SSL, V2 support. This is less secure than SSL V3 or TLS.</td></tr> | <td>SSL, V2 support. This is less secure than SSL V3 or TLS. Not supported in <var class="product">Model 204</var> 7.5 and later.</td></tr> | ||
<tr><th>X'02'</th> | <tr><th>X'02'</th> | ||
<td>SSL, V3 support. This is less secure than TLS.</td></tr> | <td>SSL, V3 support. This is less secure than TLS.</td></tr> | ||
<tr><th>X'04'</th> | <tr><th>X'04'</th> | ||
<td>TLS, 1.0 support.</td></tr> | <td>TLS, 1.0 support.</td></tr> | ||
<tr><th>X'08'</th> | <tr><th>X'08'</th> | ||
<td>TLS 1.1 support. | <td>TLS 1.1 support. Available as of <var class="product">Model 204</var> 7.5.</td></tr> | ||
<tr><th>X'10'</th> | <tr><th>X'10'</th> | ||
<td>TLS 1.2 support. | <td>TLS 1.2 support. Available as of <var class="product">Model 204</var> 7.5.</td></tr> | ||
<tr><th>X'07'</th> | <tr><th>X'07'</th> | ||
<td>The default under <var class=" | <td>The default under <var class="product">Model 204</var> 7.4 and earlier. SSL V2, SSL V3, and TLS 1.0 are available. Janus will try for them in the order: TLS 1.0, SSL V3, and SSL V2. | ||
<tr><th>X'1E'</th> | <tr><th>X'1E'</th> | ||
<td>The default under <var class=" | <td>The default under <var class="product">Model 204</var> 7.5 and later. SSL V3, and TLS 1.0, TLS 1.1, and TLS1.2 are available. Janus will try for them in the order: TLS 1.2, TLS 1.1, TLS 1.0, and SSL V3.</td></tr> | ||
</table> | </table> | ||
Line 31: | Line 38: | ||
Janus <var>[[JANUS DEFINE#type|CLSOCK]]</var> ports will attempt to connect under the most secure protocol available, and will fall back to the next-most secure protocol available; if less-secure protocols are disallowed by <var>SSLPROT</var>, the connection attempt will fail. | Janus <var>[[JANUS DEFINE#type|CLSOCK]]</var> ports will attempt to connect under the most secure protocol available, and will fall back to the next-most secure protocol available; if less-secure protocols are disallowed by <var>SSLPROT</var>, the connection attempt will fail. | ||
<var>SSLPROT</var> is valid for <var>[[JANUS DEFINE#type|SRVSOCK]]</var>, <var>WEBSERV</var>, <var>[[JANUS DEFINE#type|OPENSERV]]</var>, and <var>[[JANUS DEFINE#type|SDS]]</var> port types. | <var>SSLPROT</var> is valid for <var>[[JANUS DEFINE#type|SRVSOCK]]</var>, <var>CLSOCK</var>, <var>WEBSERV</var>, <var>[[JANUS DEFINE#type|OPENSERV]]</var>, and <var>[[JANUS DEFINE#type|SDS]]</var> port types. | ||
==See also== | ==See also== |
Latest revision as of 15:42, 17 June 2016
SSLPROT xxx — Degree of SSL-like encryption
Description
SSLPROT is a parameter on the JANUS DEFINE command, which defines and sets characteristics of a Janus port.
This parameter lets you specify the degree of SSL-like encryption available at this port. Rocket M204 Janus Network Security supports the Secure Socket Layer (SSL) protocol as well as the Transport Layer Security (TLS) protocol, an extension to SSL V3 but developed by the IETF Internet standards group. For the versions and levels of these protocols that are supported, see the parameter table below.
During the negotiation for a connection to or from this port, Janus will offer the most secure protocol available, then, if necessary, will fall back to the next lower one available, and so on. The SSLPROT parameter lets you explicitly disallow one or more protocols from the negotiation.
SSLPROT is a bitmask parameter whose main values are:
Bit | Description |
---|---|
X'01' | SSL, V2 support. This is less secure than SSL V3 or TLS. Not supported in Model 204 7.5 and later. |
X'02' | SSL, V3 support. This is less secure than TLS. |
X'04' | TLS, 1.0 support. |
X'08' | TLS 1.1 support. Available as of Model 204 7.5. |
X'10' | TLS 1.2 support. Available as of Model 204 7.5. |
X'07' | The default under Model 204 7.4 and earlier. SSL V2, SSL V3, and TLS 1.0 are available. Janus will try for them in the order: TLS 1.0, SSL V3, and SSL V2. |
X'1E' | The default under Model 204 7.5 and later. SSL V3, and TLS 1.0, TLS 1.1, and TLS1.2 are available. Janus will try for them in the order: TLS 1.2, TLS 1.1, TLS 1.0, and SSL V3. |
A typical reason for explicitly specifying an SSLPROT value is to require a more secure connection for a port. If a client attempts to connect to a Janus server port using a protocol explicitly disallowed by SSLPROT, the connection is immediately broken, except for WEBSERV ports where the SSLPROTOCOLERR exception handler will be run if available.
Janus CLSOCK ports will attempt to connect under the most secure protocol available, and will fall back to the next-most secure protocol available; if less-secure protocols are disallowed by SSLPROT, the connection attempt will fail.
SSLPROT is valid for SRVSOCK, CLSOCK, WEBSERV, OPENSERV, and SDS port types.