SSLPROT (JANUS DEFINE parameter): Difference between revisions

From m204wiki
Jump to navigation Jump to search
m (1 revision)
m (1 revision)
Line 24: Line 24:
A typical reason for explicitly specifying an <var>SSLPROT</var> value is to require a more secure connection for a port. If a client attempts to connect to a Janus server port using a protocol explicitly disallowed by <var>SSLPROT</var>, the connection is immediately broken, except for <var>[[JANUS DEFINE#type|WEBSERV]]</var> ports where the <var>SSLPROTOCOLERR</var> exception handler will be run if available.  
A typical reason for explicitly specifying an <var>SSLPROT</var> value is to require a more secure connection for a port. If a client attempts to connect to a Janus server port using a protocol explicitly disallowed by <var>SSLPROT</var>, the connection is immediately broken, except for <var>[[JANUS DEFINE#type|WEBSERV]]</var> ports where the <var>SSLPROTOCOLERR</var> exception handler will be run if available.  


Janus CLSOCK ports will attempt to connect under the most secure protocol available, and will fall back to the next-most secure protocol available; if less-secure protocols are disallowed by <var>SSLPROT</var>, the connection attempt will fail.  
Janus <var>[[JANUS DEFINE#type|CLSOCK]]</var> ports will attempt to connect under the most secure protocol available, and will fall back to the next-most secure protocol available; if less-secure protocols are disallowed by <var>SSLPROT</var>, the connection attempt will fail.  


<var>SSLPROT</var> is valid for <var>[[JANUS DEFINE#type|SRVSOCK]]</var>, <var>WEBSERV</var>, OPENSERV and <var>[[JANUS DEFINE#type|SDS]]</var> port types.
<var>SSLPROT</var> is valid for <var>[[JANUS DEFINE#type|SRVSOCK]]</var>, <var>WEBSERV</var>, OPENSERV and <var>[[JANUS DEFINE#type|SDS]]</var> port types.

Revision as of 19:32, 29 February 2012

<section begin="desc" />SSLPROT xxx -- Degree of SSL-like encryption<section end="desc" />

SSLPROT is a parameter on JANUS DEFINE, which defines and sets characteristics of a Janus port. See the List of JANUS DEFINE parameters.

This parameter lets you specify the degree of SSL-like encryption available at this port. Janus Network Security currently supports two Secure Socket Layer (SSL) protocols (SSL V2 and SSL V3) and the Transport Layer Security (TLS) protocol, an extension to SSL V3 but developed by the IETF Internet standards group.

During the negotiation for a connection to or from this port, Janus will offer the most secure protocol available, then, if necessary, will fall back to the next lower one available, and so on. The SSLPROT parameter lets you explicitly disallow one or more protocols from the negotiation.

SSLPROT is a bitmask parameter whose main values are:

X'01' SSL, V2 support. This is less secure than SSL V3 or TLS.
X'02' SSL, V3 support. This is less secure than TLS.
X'04' TLS, V1 support.
X'07' The default. SSL V2, SSL V3, and TLS are available. Janus will try for them in the order: TLS, SSL V3, SSL V2.

A typical reason for explicitly specifying an SSLPROT value is to require a more secure connection for a port. If a client attempts to connect to a Janus server port using a protocol explicitly disallowed by SSLPROT, the connection is immediately broken, except for WEBSERV ports where the SSLPROTOCOLERR exception handler will be run if available.

Janus CLSOCK ports will attempt to connect under the most secure protocol available, and will fall back to the next-most secure protocol available; if less-secure protocols are disallowed by SSLPROT, the connection attempt will fail.

SSLPROT is valid for SRVSOCK, WEBSERV, OPENSERV and SDS port types.

See also