SSLUNENC (JANUS DEFINE parameter): Difference between revisions

From m204wiki
Jump to navigation Jump to search
mNo edit summary
m (remove displaytitle)
 
(5 intermediate revisions by 2 users not shown)
Line 1: Line 1:
<span class="pageSubtitle"><section begin="desc" />(deprecated parameter) Use unencrypted private key<section end="desc" /></span>
<span class="pageSubtitle">(deprecated parameter) Use unencrypted private key</span>


<var>SSLUNENC</var> is a parameter on <var>[[JANUS DEFINE]]</var>, which defines and sets characteristics of a Janus port.  
<var>SSLUNENC</var> is a parameter on <var>[[JANUS DEFINE]]</var>, which defines and sets characteristics of a Janus port.  
Line 5: Line 5:
This parameter indicates that an unencrypted private key is being used in the certificate specified by the <var>[[SSL (JANUS DEFINE parameter)|SSL]]</var> parameter on this Janus server port definition.  
This parameter indicates that an unencrypted private key is being used in the certificate specified by the <var>[[SSL (JANUS DEFINE parameter)|SSL]]</var> parameter on this Janus server port definition.  


'''Note:''' As of ''Sirius Mods'' Version 6.2, this parameter is '''''obsolete''''' &mdash; as of this version, <var class="product">[http://sirius-software.com/maint/download/jansslr.pdf Janus Network Security]</var> automatically determines whether or not the private key is encrypted, and if not, prompts for a password. A corrupted private key procedure could lead <var class="product">Janus Network Security</var> to believe that the private key must be encrypted, and so result in a password prompt.  
<p class="note">'''Note:''' This parameter is '''''obsolete''''' &mdash; <var class="product">[[Janus Network Security]]</var> automatically determines whether or not the private key is encrypted, and if not, prompts for a password. A corrupted private key procedure could lead <var class="product">Janus Network Security</var> to believe that the private key must be encrypted, and so result in a password prompt. The use of unencrypted private keys is discouraged. </p>


Regardless of the ''Sirius Mods'' version, the use of unencrypted private keys is discouraged.  
Formerly, <var>SSLUNENC</var> must have been specified on a port definition if an unencrypted private key was used. Otherwise, the <var>[[JANUS START]]</var> command for an SSL-secured port would prompt for a password (technically, a seed for the encryption algorithm) to use to decrypt the private key. Any data, or even a null value, entered for the password will incorrectly be used in an attempt to decrypt the private key (rendering the key unusable), and the <var>START</var> will fail.  


Before ''Sirius Mods'' Version 6.2, <var>SSLUNENC</var> must have been specified on a port definition if an unencrypted private key was used. Otherwise, the <var>[[JANUS START]]</var> command for an SSL-secured port would prompt for a password (technically, a seed for the encryption algorithm) to use to decrypt the private key. Any data, or even a null value, entered for the password will incorrectly be used in an attempt to decrypt the private key (rendering the key unusable), and the <var>START</var> will fail.  
Similarly, if an encrypted private key '''is''' used in the certificate specified on the <var>SSL</var> parameter, the <var>SSLUNENC</var> parameter '''must not''' be specified. Specifying <var>SSLUNENC</var> will prevent password prompting for that key, thus bypassing decryption of the private key (rendering it unusable), and causing the <var>START</var> to fail.  


Similarly, if an encrypted private key '''is''' used in the certificate specified on the <var>SSL</var> parameter, the <var>SSLUNENC</var> parameter '''must not''' be specified. Specifying <var>SSLUNENC</var> will prevent password prompting for that key, thus bypassing decryption of the private key (rendering it unusable), and causing the START to fail.
The certificate and private key generation process is described further in the <var class="product">[[Janus Network Security]]</var> pages.  
 
The certificate and private key generation process is described further in the <var class="product">[http://sirius-software.com/maint/download/jansslr.pdf Janus Network Security Reference Manual]</var>.  


<var>SSLUNENC</var> is valid for <var>[[JANUS DEFINE#type|SRVSOCK]]</var>, <var>[[JANUS DEFINE#type|WEBSERV]]</var>, <var>[[JANUS DEFINE#type|OPENSERV]]</var>, and <var>[[JANUS DEFINE#type|SDS]]</var> port types.
<var>SSLUNENC</var> is valid for <var>[[JANUS DEFINE#type|SRVSOCK]]</var>, <var>[[JANUS DEFINE#type|WEBSERV]]</var>, <var>[[JANUS DEFINE#type|OPENSERV]]</var>, and <var>[[JANUS DEFINE#type|SDS]]</var> port types.

Latest revision as of 00:07, 8 June 2016

(deprecated parameter) Use unencrypted private key

SSLUNENC is a parameter on JANUS DEFINE, which defines and sets characteristics of a Janus port.

This parameter indicates that an unencrypted private key is being used in the certificate specified by the SSL parameter on this Janus server port definition.

Note: This parameter is obsoleteJanus Network Security automatically determines whether or not the private key is encrypted, and if not, prompts for a password. A corrupted private key procedure could lead Janus Network Security to believe that the private key must be encrypted, and so result in a password prompt. The use of unencrypted private keys is discouraged.

Formerly, SSLUNENC must have been specified on a port definition if an unencrypted private key was used. Otherwise, the JANUS START command for an SSL-secured port would prompt for a password (technically, a seed for the encryption algorithm) to use to decrypt the private key. Any data, or even a null value, entered for the password will incorrectly be used in an attempt to decrypt the private key (rendering the key unusable), and the START will fail.

Similarly, if an encrypted private key is used in the certificate specified on the SSL parameter, the SSLUNENC parameter must not be specified. Specifying SSLUNENC will prevent password prompting for that key, thus bypassing decryption of the private key (rendering it unusable), and causing the START to fail.

The certificate and private key generation process is described further in the Janus Network Security pages.

SSLUNENC is valid for SRVSOCK, WEBSERV, OPENSERV, and SDS port types.

See also