SSLIBSIZE (JANUS DEFINE parameter)

From m204wiki
Jump to navigation Jump to search

SSLIBSIZE xxxx — Input SSL Buffer size

Description

SSLIBSIZE is a parameter on JANUS DEFINE, which defines and sets characteristics of a Janus port.

This parameter specifies the size of the SSL input buffer to be used on SSL ports. An SSL port is a Janus port whose definition includes an SSL parameter, which indicates that communications on this port may be encrypted using Rocket M204 Janus Network Security SSL (Secure Sockets Layer) or TLS (Transport Layer Security) support.

If an application tries to send an SSL packet larger than SSLIBSIZE to a Janus SSL port, the connection is broken and an error is written to the audit trail (MSIR.0386 SSL INPUT MESSAGE TOO LONG - INCREASE SSLBSIZE). The other side of the SSL connection will not receive this error message or any other indication of why the connection was broken. There will be no effect on other users on the same port.

The maximum "legal" SSL buffer size is 16384 bytes.

The default for SSLIBSIZE is 4096, and the minimum and maximum allowable values are 1024 and 16384, respectively. Prior to Model 204 version 7.5, the maximum value was 32767, which was available if it were necessary to use a larger input buffer for connections with SSL V2 implementations not fully conforming to the SSL specification. As of Model 204 V7.5, Janus products no longer support SSL V2. As such, by default, an SSLIBSIZE greater than 16384 is automatically decreased to 16384 in Model 204 7.5 and later. However, if there is a need to communicate with a non-conforming SSL implementation, the CUSTOM 18 parameter can be set to allow SSLIBSIZE to be set to a value greater than 16384.

For more information about Janus SSL protocol support, see SSLPROT and SSLCIPH.

For WEBSERV ports that are used for file uploads (HTTP PUT or form-based uploads), it will probably be necessary to set SSLIBSIZE to its maximum, because most browsers will send SSL packets that are as large as possible. For most other applications, the SSLIBSIZE default is probably sufficient, though web applications that POST very large forms might require a slight increase of SSLIBSIZE.

SSLIBSIZE is valid for SRVSOCK, WEBSERV, OPENSERV, and SDS port types.

See also