SSLIBSIZE (JANUS DEFINE parameter): Difference between revisions

From m204wiki
Jump to navigation Jump to search
(Automatically generated page update)
mNo edit summary
Line 4: Line 4:
<var>SSLIBSIZE</var> is a parameter on <var>[[JANUS DEFINE]]</var>, which defines and sets characteristics of a Janus port.  
<var>SSLIBSIZE</var> is a parameter on <var>[[JANUS DEFINE]]</var>, which defines and sets characteristics of a Janus port.  


This parameter specifies the size of the SSL input buffer to be used on SSL ports. An SSL port is a Janus port whose definition includes an <var>[[SSL (JANUS DEFINE parameter)|SSL]]</var> parameter, which indicates that communications on this port may be encrypted using <var class="product">[http://sirius-software.com/maint/download/jansslr.pdf Janus Network Security]</var> SSL (Secure Sockets Layer) or TLS (Transport Layer Security) support.
This parameter specifies the size of the SSL input buffer to be used on SSL ports. An SSL port is a Janus port whose definition includes an <var>[[SSL (JANUS DEFINE parameter)|SSL]]</var> parameter, which indicates that communications on this port may be encrypted using <var class="product">[http://m204wiki.rocketsoftware.com/images/d/de/JansslrNew.pdf Rocket M204 Janus Network Security]</var> SSL (Secure Sockets Layer) or TLS (Transport Layer Security) support.


Technically, the maximum "legal" SSL buffer size is 16000, but it may be necessary to use a larger input buffer if there will be connections with SSL implementations that don't fully conform to the SSL specification. If an application tries to send an SSL packet larger than <var>SSLIBSIZE</var> to a Janus SSL port, the connection will be broken and an error written to the audit trail (MSIR.0386 SSL INPUT MESSAGE TOO LONG - INCREASE SSLBSIZE). The other side of the SSL connection will not receive this error message or any other indication of why the connection was broken. There will be no effect on other users on the same port.  
Technically, the maximum "legal" SSL buffer size is 16000, but it may be necessary to use a larger input buffer if there will be connections with SSL implementations that don't fully conform to the SSL specification. If an application tries to send an SSL packet larger than <var>SSLIBSIZE</var> to a Janus SSL port, the connection will be broken and an error written to the audit trail (MSIR.0386 SSL INPUT MESSAGE TOO LONG - INCREASE SSLBSIZE). The other side of the SSL connection will not receive this error message or any other indication of why the connection was broken. There will be no effect on other users on the same port.  

Revision as of 22:53, 25 February 2014

SSLIBSIZE xxxx — Input SSL Buffer size

SSLIBSIZE is a parameter on JANUS DEFINE, which defines and sets characteristics of a Janus port.

This parameter specifies the size of the SSL input buffer to be used on SSL ports. An SSL port is a Janus port whose definition includes an SSL parameter, which indicates that communications on this port may be encrypted using Rocket M204 Janus Network Security SSL (Secure Sockets Layer) or TLS (Transport Layer Security) support.

Technically, the maximum "legal" SSL buffer size is 16000, but it may be necessary to use a larger input buffer if there will be connections with SSL implementations that don't fully conform to the SSL specification. If an application tries to send an SSL packet larger than SSLIBSIZE to a Janus SSL port, the connection will be broken and an error written to the audit trail (MSIR.0386 SSL INPUT MESSAGE TOO LONG - INCREASE SSLBSIZE). The other side of the SSL connection will not receive this error message or any other indication of why the connection was broken. There will be no effect on other users on the same port.

The default for SSLIBSIZE is 4096, and the minimum and maximum allowable values are 1024 and 32767, respectively.

For WEBSERV ports that are used for file uploads (HTTP PUT or form-based uploads), it will probably be necessary to set SSLIBSIZE to at least 16000, because most browsers will send SSL packets that are as large as possible. For most other applications, the SSLIBSIZE default is probably sufficient, though web applications that POST very large forms might require a slight increase of SSLIBSIZE.

SSLIBSIZE is valid for SRVSOCK, WEBSERV, OPENSERV, and SDS port types.

See also