SSLMAXCERTL (JANUS DEFINE parameter)

<section begin="desc" />xxx<section end="desc" />

SSLMAXCERTL is a parameter on JANUS DEFINE, which defines and sets characteristics of a Janus port. See the List of JANUS DEFINE parameters.

For a Janus port defined (by the SSL parameter) to support encrypted connections, this parameter indicates the number of bytes of virtual storage to be allocated to hold incoming certificates presented for authentication. Authentication verifies (or not) the certifying authority signature on the incoming certificate. Such a certificate may be:

• A server certificate sent in reply to a CLSOCK port.
• A client certificate sent in reply to a WEBSERV, SRVSOCK, OPENSERV, or SDS port that has the SSLCLCERT or SSLCLCERTR parameter in its definition.

Since incoming certificates are cached, SSLMAXCERTL bytes are allocated for each SSL session in the cache, the size of which is determined by the explicit or implicit setting of the SSLCACHE parameter (:hdref refid=sslcac.).

The default SSLMAXCERTL size is 1024, which should be large enough to hold most certificates received from clients or servers. The minimum and maximum SSLMAXCERTL values are 256 and 32767, respectively. It is unlikely that any incoming certificate will be smaller than 512 bytes, and it is extremely unlikely that an incoming certificate will be larger than 2048 bytes. If an incoming certificate is larger than SSLMAXCERTL, an error message is logged to the audit trail and the connection is closed.

The SSLMAXCERTL parameter is only available in Version 6.0 and later of the Sirius Mods.

SSLMAXCERTL is valid for SRVSOCK, CLSOCK, &P$WBSYB port types.

References

See: List of Janus commands | List of JANUS DEFINE parameters.