SSLMAXCERTL (JANUS DEFINE parameter): Difference between revisions

From m204wiki
mNo edit summary
m (remove displaytitle)
 
(11 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{DISPLAYTITLE:SSLMAXCERTL}}
<span class="pageSubtitle">SSLMAXCERTL xxx &mdash; Bytes of storage to hold incoming certs</span>
<span class="pageSubtitle"><section begin="desc" />SSLMAXCERTL xxx -- bytes of storage to hold incoming certs.<section end="desc" /></span>


<var>SSLMAXCERTL</var> is a parameter on <var>[[JANUS DEFINE]]</var>, which defines and sets characteristics of a Janus port. See the [[JANUS DEFINE#parmlist|List of JANUS DEFINE parameters]].
<var>SSLMAXCERTL</var> is a parameter on <var>[[JANUS DEFINE]]</var>, which defines and sets characteristics of a Janus port.  


For a Janus port defined (by the <var>[[SSL (JANUS DEFINE parameter)|SSL]]</var> parameter) to support encrypted connections, this parameter indicates the number of bytes of virtual storage to be allocated to hold incoming certificates presented for authentication. Authentication verifies (or not) the certifying authority signature on the incoming certificate. Such a certificate may be:
For a Janus port defined (by the <var>[[SSL (JANUS DEFINE parameter)|SSL]]</var> parameter) to support encrypted connections, this parameter indicates the number of bytes of virtual storage to be allocated to hold incoming certificates presented for authentication. Authentication verifies (or not) the certifying authority signature on the incoming certificate. Such a certificate may be:


<ul>
<ul>
<li>A server certificate sent in reply to a CLSOCK port.  
<li>A server certificate sent in reply to a <var>[[JANUS DEFINE#type|CLSOCK]]</var> port.  
<li>A client certificate sent in reply to a <var>[[JANUS DEFINE#type|WEBSERV]]</var>, <var>[[JANUS DEFINE#type|SRVSOCK]]</var>, <var>[[JANUS DEFINE#type|OPENSERV]]</var>, or <var>[[JANUS DEFINE#type|SDS]]</var> port that has the <var>[[SSLCLCERT and SSLCLCERTR (JANUS DEFINE parameters)|SSLCLCERT]]</var> or <var>[[SSLCLCERT and SSLCLCERTR (JANUS DEFINE parameters)|SSLCLCERTR]]</var> parameter in its definition.
<li>A client certificate sent in reply to a <var>[[JANUS DEFINE#type|WEBSERV]]</var>, <var>[[JANUS DEFINE#type|SRVSOCK]]</var>, <var>[[JANUS DEFINE#type|OPENSERV]]</var>, or <var>[[JANUS DEFINE#type|SDS]]</var> port that has the <var>[[SSLCLCERT and SSLCLCERTR (JANUS DEFINE parameters)|SSLCLCERT]]</var> or <var>[[SSLCLCERT and SSLCLCERTR (JANUS DEFINE parameters)|SSLCLCERTR]]</var> parameter in its definition.
</ul>
</ul>
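Review bot: the new intro sentence drops the pointer to the List of JANUS DEFINE parameters, so the opening paragraph no longer links to the full parameter list; keep that link here or move it under See also. While these lines are being touched, the two <li> items in the list are unclosed on both sides and could be given closing </li> tags.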
Line 15: Line 14:
The default <var>SSLMAXCERTL</var> size is 1024, which should be large enough to hold most certificates received from clients or servers. The minimum and maximum <var>SSLMAXCERTL</var> values are 256 and 32767, respectively. It is unlikely that any incoming certificate will be smaller than 512 bytes, and it is extremely unlikely that an incoming certificate will be larger than 2048 bytes. If an incoming certificate is larger than <var>SSLMAXCERTL</var>, an error message is logged to the audit trail and the connection is closed.  
The default <var>SSLMAXCERTL</var> size is 1024, which should be large enough to hold most certificates received from clients or servers. The minimum and maximum <var>SSLMAXCERTL</var> values are 256 and 32767, respectively. It is unlikely that any incoming certificate will be smaller than 512 bytes, and it is extremely unlikely that an incoming certificate will be larger than 2048 bytes. If an incoming certificate is larger than <var>SSLMAXCERTL</var>, an error message is logged to the audit trail and the connection is closed.  


<var>SSLMAXCERTL</var> is valid for <var>OPENSERV</var>, <var>[[JANUS DEFINE#type|SRVSOCK]]</var>, CLSOCK (but not DEBUGGERCLIENT), and <var>[[JANUS DEFINE#type|WEBSERV]]</var> port types.
<var>SSLMAXCERTL</var> is valid for <var>OPENSERV</var>, <var>SRVSOCK</var>, <var>CLSOCK</var> (but not <var>[[JANUS DEFINE#type|DEBUGGERCLIENT]]</var>), and <var>WEBSERV</var> port types.


==See also==
==See also==
<ul>
<ul>
<li>[[List of Janus commands]]
<li>[[List of Janus commands]]
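Review bot: the port-type sentence in this hunk lists OPENSERV, SRVSOCK, CLSOCK and WEBSERV as valid, but the certificate list earlier on the page also names SDS as a port that can receive a client certificate; state whether SSLMAXCERTL applies to SDS ports, or adjust that list, so the two agree. The new side also leaves OPENSERV, SRVSOCK and WEBSERV unlinked in this sentence, which only works if the reader has already seen the linked names in the list above.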

Latest revision as of 23:58, 7 June 2016

SSLMAXCERTL xxx — Bytes of storage to hold incoming certs

SSLMAXCERTL is a parameter on JANUS DEFINE, which defines and sets characteristics of a Janus port.

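For a Janus port defined (by the SSL parameter) to support encrypted connections, this parameter indicates the number of bytes of virtual storage to be allocated to hold incoming certificates presented for authentication. Authentication verifies (or not) the certifying authority signature on the incoming certificate. Such a certificate may be:

- A server certificate sent in reply to a CLSOCK port.
- A client certificate sent in reply to a WEBSERV, SRVSOCK, OPENSERV, or SDS port that has the SSLCLCERT or SSLCLCERTR parameter in its definition.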

Since incoming certificates are cached, SSLMAXCERTL bytes are allocated for each SSL session in the cache, the size of which is determined by the explicit or implicit setting of the SSLCACHE parameter.

The default SSLMAXCERTL size is 1024, which should be large enough to hold most certificates received from clients or servers. The minimum and maximum SSLMAXCERTL values are 256 and 32767, respectively. It is unlikely that any incoming certificate will be smaller than 512 bytes, and it is extremely unlikely that an incoming certificate will be larger than 2048 bytes. If an incoming certificate is larger than SSLMAXCERTL, an error message is logged to the audit trail and the connection is closed.
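
The following sizing check is an added example, not part of the Janus documentation or product: it measures the certificates in a PEM bundle against a chosen SSLMAXCERTL and works out the storage the session cache would take. It assumes the limit is compared with each certificate's DER-encoded length and that SSLCACHE is a count of cached sessions; the function names and the sample bundle are constructed for illustration.

```python
import base64
import re

# Bounds stated on this page for SSLMAXCERTL.
MIN_L, MAX_L = 256, 32767
PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def der_cert_lengths(pem_bytes):
    """Return the DER length in bytes of each certificate in a PEM bundle."""
    lengths = []
    for body in PEM_RE.findall(pem_bytes):
        der = base64.b64decode(b"".join(body.split()))
        if len(der) < 2 or der[0] != 0x30:
            raise ValueError("not a DER SEQUENCE")
        if der[1] < 0x80:                      # short-form length
            total = 2 + der[1]
        else:                                  # long-form length
            n = der[1] & 0x7F
            total = 2 + n + int.from_bytes(der[2:2 + n], "big")
        if total != len(der):
            raise ValueError("DER length header does not match the data")
        lengths.append(total)
    return lengths

def size_report(pem_bytes, sslmaxcertl, sslcache):
    """Compare certificate sizes with SSLMAXCERTL and cost out the cache."""
    if not MIN_L <= sslmaxcertl <= MAX_L:
        raise ValueError("SSLMAXCERTL must be between 256 and 32767")
    lengths = der_cert_lengths(pem_bytes)
    if not lengths:
        raise ValueError("no certificates found")
    largest = max(lengths)
    return {
        "lengths": lengths,
        "too_large": [n for n in lengths if n > sslmaxcertl],
        # Smallest legal setting that holds the largest certificate, if any.
        "smallest_sufficient": max(largest, MIN_L) if largest <= MAX_L else None,
        # SSLMAXCERTL bytes are allocated per cached SSL session.
        "cache_bytes": sslmaxcertl * sslcache,
    }

def fake_pem(total_len):
    """Constructed stand-in, not a real certificate: a SEQUENCE of zero bytes."""
    der = b"\x30\x82" + (total_len - 4).to_bytes(2, "big") + bytes(total_len - 4)
    return (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der)
            + b"-----END CERTIFICATE-----\n")

SAMPLE = fake_pem(900) + fake_pem(1500)      # constructed sample bundle
```

Any entry in `too_large` corresponds to a peer whose connection would be closed with an audit-trail error at that setting.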

SSLMAXCERTL is valid for OPENSERV, SRVSOCK, CLSOCK (but not DEBUGGERCLIENT), and WEBSERV port types.

See also