SSL (JANUS DEFINE parameter): Difference between revisions
mNo edit summary |
m (link repair) |
||
(22 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
<span class="pageSubtitle" | <span class="pageSubtitle">Sets encryption on</span> | ||
<var>SSL</var> is a parameter on <var>[[JANUS DEFINE]]</var>, which defines and sets characteristics of a Janus port. | <var>SSL</var> is a parameter on <var>[[JANUS DEFINE]]</var>, which defines and sets characteristics of a Janus port. | ||
Line 7: | Line 7: | ||
<table class="syntaxTable"> | <table class="syntaxTable"> | ||
<tr><th nowrap><var>SSL</var> procfile procname</th> | <tr><th nowrap><var>SSL</var> procfile procname</th> | ||
<td>Identifies the file (typically JANSSL) and procedure that contain the certificate to be presented to clients on server ports and to the server on <var>[[JANUS DEFINE#type|CLSOCK]]</var> ports.</td></tr> | <td>Identifies the file (typically JANSSL) and procedure that contain the certificate to be presented to clients on Janus server ports, and to the server on <var>[[JANUS DEFINE#type|CLSOCK]]</var> ports.</td></tr> | ||
<tr><th><var>SSL *</var></th> | <tr><th><var>SSL *</var></th> | ||
<td>Presents to the client or server the "self-signed certificate" provided for your site by | <td>Presents to the client or server the "self-signed certificate" provided for your site by Rocket Software.</td></tr> | ||
<tr><th><var>SSL 0</var></th> | <tr><th><var>SSL 0</var></th> | ||
Line 17: | Line 17: | ||
</table> | </table> | ||
Certificates and authentication are described further in the <var class="product">[ | Certificates and authentication are described further in the <var class="product">[[Janus Network Security]]</var> pages. | ||
Other optional <var>DEFINE</var> command parameters used in conjunction with the <var>SSL</var> parameter include: | Other optional <var>DEFINE</var> command parameters used in conjunction with the <var>SSL</var> parameter include: | ||
Line 24: | Line 24: | ||
<li>For server sockets: <var>[[SSLBSIZE (JANUS DEFINE parameter)|SSLBSIZE]]</var>, <var>[[SSLCIPH (JANUS DEFINE parameter)|SSLCIPH]]</var>, <var>[[SSLCLCERT and SSLCLCERTR (JANUS DEFINE parameters)|SSLCLCERT]]</var>/<var>[[SSLCLCERT and SSLCLCERTR (JANUS DEFINE parameters)|SSLCLCERTR]]</var>, <var>[[SSLIBSIZE (JANUS DEFINE parameter)|SSLIBSIZE]]</var>, <var>[[SSLOBSIZE (JANUS DEFINE parameter)|SSLOBSIZE]]</var>, <var>[[SSLPROT (JANUS DEFINE parameter)|SSLPROT]]</var>, <var>[[SSLSES (JANUS DEFINE parameter)|SSLSES]]</var> | <li>For server sockets: <var>[[SSLBSIZE (JANUS DEFINE parameter)|SSLBSIZE]]</var>, <var>[[SSLCIPH (JANUS DEFINE parameter)|SSLCIPH]]</var>, <var>[[SSLCLCERT and SSLCLCERTR (JANUS DEFINE parameters)|SSLCLCERT]]</var>/<var>[[SSLCLCERT and SSLCLCERTR (JANUS DEFINE parameters)|SSLCLCERTR]]</var>, <var>[[SSLIBSIZE (JANUS DEFINE parameter)|SSLIBSIZE]]</var>, <var>[[SSLOBSIZE (JANUS DEFINE parameter)|SSLOBSIZE]]</var>, <var>[[SSLPROT (JANUS DEFINE parameter)|SSLPROT]]</var>, <var>[[SSLSES (JANUS DEFINE parameter)|SSLSES]]</var> | ||
<li>For client and | <li>For client and <var>[[JANUS DEFINE#type|FTPSERVER]]</var> sockets: <var>[[SSLOPT (JANUS DEFINE parameter)|SSLOPT]]</var> | ||
<li>For | <li>For any of the above types of sockets: <var>[[SSLCACHE (JANUS DEFINE parameter)|SSLCACHE]]</var>, <var>[[SSLMAXAGE (JANUS DEFINE parameter)|SSLMAXAGE]]</var>, <var>[[SSLMAXCERTL (JANUS DEFINE parameter)|SSLMAXCERTL]]</var>, <var>[[SSLUNENC (JANUS DEFINE parameter)|SSLUNENC]]</var> | ||
</ul> | </ul> | ||
Line 32: | Line 32: | ||
<ul> | <ul> | ||
<li>For ports that authenticate incoming certificates: [[JANUS ADDCA]], [[JANUS DELCA]], [[JANUS DISPLAYCA]], [[JANUS STATCA]]. | <li>For ports that authenticate incoming certificates: <var>[[JANUS ADDCA]]</var>, <var>[[JANUS DELCA]]</var>, <var>[[JANUS DISPLAYCA]]</var>, <var>[[JANUS STATCA]]</var>. | ||
<li>For monitoring a port's SSL activity: <var> | <li>For monitoring a port's SSL activity: <var>[[JANUS SSLSTAT or SSLSTATUS|JANUS SSLSTAT]]</var> | ||
</ul> | </ul> | ||
<var class="product">[[Janus Web Server]]</var> $functions useful for SSL applications include: <var>[[$Web_Cert_Info]]</var>, <var>[[$Web_Cert_Levels]]</var>, <var>[[$Web_Cipher]]</var>, <var>[[$Web_Protocol]]</var>, <var>[[$Web_Secure]]</var>. | <var class="product">[[Janus Web Server]]</var> $functions useful for SSL applications include: <var>[[$Web_Cert_Info]]</var>, <var>[[$Web_Cert_Levels]]</var>, <var>[[$Web_Cipher]]</var>, <var>[[$Web_Protocol]]</var>, <var>[[$Web_Secure]]</var>. | ||
The <var>SSL</var> parameter is valid for <var>[[JANUS DEFINE#type|SRVSOCK]]</var>, <var>CLSOCK</var> (but not DEBUGGERCLIENT), <var>[[JANUS DEFINE#type|WEBSERV]]</var>, or <var>[[JANUS DEFINE#type|TNSERV]]</var> port types. | The <var>SSL</var> parameter is valid for <var>[[JANUS DEFINE#type|SRVSOCK]]</var>, <var>CLSOCK</var> (but not <var>[[JANUS DEFINE#type|DEBUGGERCLIENT]]</var>), <var>[[JANUS DEFINE#type|WEBSERV]]</var>, or <var>[[JANUS DEFINE#type|TNSERV]]</var> port types. | ||
As of <var class="product">Sirius Mods</var> 8.0, <var>SSL</var> is also | As of <var class="product">Sirius Mods</var> 8.0, <var>SSL</var> is also [[Janus_FTP_Server#Security_and_Janus_FTP_Server|available for FTPSERVER]] ports. Currently, only explicit invocation of SSL is supported for <var>FTPSERVER</var> ports, as described at [http://en.wikipedia.org/wiki/FTPS#Methods_of_invoking_security the Wikipedia FTPS entry]. | ||
==See also== | ==See also== |
Latest revision as of 18:57, 1 June 2016
Sets encryption on
SSL is a parameter on JANUS DEFINE, which defines and sets characteristics of a Janus port.
The SSL parameter indicates that communications on this port should be encrypted using Janus Network Security SSL (Secure Sockets Layer) or TLS (Transport Layer Security) support. The parameter has the following mutually exclusive options:
SSL procfile procname | Identifies the file (typically JANSSL) and procedure that contain the certificate to be presented to clients on Janus server ports, and to the server on CLSOCK ports. |
---|---|
SSL * | Presents to the client or server the "self-signed certificate" provided for your site by Rocket Software. |
SSL 0 | Indicates for CLSOCK ports that, although the connection is encrypted, the client is not to provide a certificate to the server if requested. Server certificates are required to establish an encrypted connection, but client certificates are optional and are not used at all by many secured servers. |
Certificates and authentication are described further in the Janus Network Security pages.
Other optional DEFINE command parameters used in conjunction with the SSL parameter include:
- For server sockets: SSLBSIZE, SSLCIPH, SSLCLCERT/SSLCLCERTR, SSLIBSIZE, SSLOBSIZE, SSLPROT, SSLSES
- For client and FTPSERVER sockets: SSLOPT
- For any of the above types of sockets: SSLCACHE, SSLMAXAGE, SSLMAXCERTL, SSLUNENC
Other JANUS commands useful for SSL ports include:
- For ports that authenticate incoming certificates: JANUS ADDCA, JANUS DELCA, JANUS DISPLAYCA, JANUS STATCA.
- For monitoring a port's SSL activity: JANUS SSLSTAT
Janus Web Server $functions useful for SSL applications include: $Web_Cert_Info, $Web_Cert_Levels, $Web_Cipher, $Web_Protocol, $Web_Secure.
The SSL parameter is valid for SRVSOCK, CLSOCK (but not DEBUGGERCLIENT), WEBSERV, or TNSERV port types. As of Sirius Mods 8.0, SSL is also available for FTPSERVER ports. Currently, only explicit invocation of SSL is supported for FTPSERVER ports, as described at the Wikipedia FTPS entry.