"Fossies" - the Fresh Open Source Software Archive 
Member "courier-1.2.2/libs/tcpd/README.couriertls" (20 Jan 2022, 2454 Bytes) of package /linux/misc/courier-1.2.2.tar.bz2:
# couriertls uses the following variables to initialize SSL/TLS:
#
# WARNING: Peer certificate verification has NOT yet been tested. Proceed
# at your own risk. Only the basic SSL/TLS functionality is known to be
# working. Keep this in mind as you play with the following variables.
#
# TLS_PROTOCOL sets the protocol version. The possible versions are:
#
# SSL2 - SSLv2
# SSL3 - SSLv3
# TLS1 - TLS1

TLS_PROTOCOL=TLS1

# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the
# OpenSSL library. In most situations you can leave TLS_CIPHER_LIST
# undefined.
#
# TLS_CIPHER_LIST="ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH"

# TLS_TIMEOUT is currently not implemented, and reserved for future use.
# This is supposed to be an inactivity timeout, but it's not yet implemented.

# TLS_DHCERTFILE - PEM file that stores our Diffie-Hellman cipher pair.
# When OpenSSL is compiled to use Diffie-Hellman ciphers instead of RSA
# you must generate a DH pair that will be used. In most situations the
# DH pair is to be treated as confidential, and the file specified by
# TLS_DHCERTFILE must not be world-readable.
#
# TLS_DHCERTFILE=

# TLS_CERTFILE - certificate to use. TLS_CERTFILE is required for SSL/TLS
# servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually
# treated as confidential, and must not be world-readable.
#
# TLS_CERTFILE=


# TLS_PEERCERTDIR, TLS_OURCACERT - when it is required that all peer
# certificates are signed by a specific certificate authority, set
# TLS_OURCACERT to the name of the file containing the certificate authority
# root key, and set TLS_PEERCERTDIR to the name of the directory containing
# the allowed certificates.
#
# TLS_PEERCERTDIR=
# TLS_OURCACERT=

#
# TLS_VERIFYPEER - how to verify peer certificates. The possible values of
# this setting are:
#
# NONE - do not verify anything
#
# PEER - verify the peer certificate, if one's presented
#
# REQUIREPEER - require a peer certificate, fail if one's not presented
#
# SSL/TLS servers will usually set TLS_VERIFYPEER to NONE. SSL/TLS clients
# will usually set TLS_VERIFYPEER to REQUIREPEER.
#
# TLS_VERIFYPEER=PEER

# TLS_ALLOWSELFSIGNEDCERT - this is an alternative to clients using
# TLS_VERIFYPEER=NONE. TLS_ALLOWSELFSIGNEDCERT ignores server certificates
# that are not signed by a recognized certificate authority. This allows
# clients to simply verify that a server certificate is available.
#
# TLS_ALLOWSELFSIGNEDCERT=1
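
The checks the comments above call for (certificate files that are not world-readable, a certificate for servers, REQUIREPEER for clients), plus a flag on the SSL2/SSL3 protocol choices, written as a shell audit. This is an added example, not part of courier; the function names and the client/server role argument are assumptions of the example, and the sample config is constructed.

```shell
#!/bin/sh
# Added example (not part of courier): audit a couriertls settings file.
# The file is parsed, never sourced, so nothing in it is executed.

# Print the last uncommented value assigned to variable $1 in file $2.
conf_get() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# Succeed if $1 exists and its "other: read" permission bit is set.
world_readable() {
    [ -e "$1" ] && [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

report() { echo "$1"; findings=$((findings + 1)); }

# audit_couriertls FILE ROLE -- ROLE (client|server) is this example's own label.
# Prints one finding per line; returns 0 only when there are no findings.
audit_couriertls() {
    conf=$1 role=$2 findings=0
    case $(conf_get TLS_PROTOCOL "$conf") in
        SSL2|SSL3) report "TLS_PROTOCOL selects SSLv2/SSLv3 instead of TLS1" ;;
    esac
    for var in TLS_CERTFILE TLS_DHCERTFILE; do
        path=$(conf_get "$var" "$conf")
        if [ -n "$path" ] && world_readable "$path"; then
            report "$var=$path is world-readable"
        fi
    done
    if [ "$role" = server ]; then
        [ -n "$(conf_get TLS_CERTFILE "$conf")" ] ||
            report "server has no TLS_CERTFILE"
    else
        verify=$(conf_get TLS_VERIFYPEER "$conf")
        [ "$verify" = REQUIREPEER ] ||
            report "client TLS_VERIFYPEER is '${verify:-unset}', not REQUIREPEER"
        [ "$(conf_get TLS_ALLOWSELFSIGNEDCERT "$conf")" != 1 ] ||
            report "TLS_ALLOWSELFSIGNEDCERT=1: server certificate CA is not checked"
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample: a client config with weak settings, in a temp directory.
demo=$(mktemp -d); : > "$demo/cert.pem"; chmod 644 "$demo/cert.pem"
printf '%s\n' 'TLS_PROTOCOL=SSL3' "TLS_CERTFILE=$demo/cert.pem" \
    'TLS_VERIFYPEER=NONE' 'TLS_ALLOWSELFSIGNEDCERT=1' > "$demo/weak.conf"
audit_couriertls "$demo/weak.conf" client || echo "weak.conf needs attention"
rm -rf "$demo"
```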