...
| Setting | Default | Description |
|---|---|---|
| HTTP_SSL | FALSE | May be set to TRUE or FALSE. To enable SSL, set it to TRUE. |
| HTTP_SSL_REDIRECT | FALSE | May be set to TRUE or FALSE. Set the value to TRUE to enable automatic redirection from http to https. |
| SSL_KEYSTORE | empty | Path to keystore with loaded certificate and its private key. |
| SSL_KEYSTORE_PASSWORD | empty | Password to keystore. |
| SSL_KEYSTORE_KEY_ALIAS | xflicstat | Key under which certificate is stored inside keystore. |
| SSL_PROTOCOLS | TLSv1.1,TLSv1.2,TLSv1.3 | Defines which SSL/TLS protocols are enabled. This setting should either be commented out or not empty. |
| SSL_CIPHERS | HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA | List of enabled/disabled ciphers. This setting should either be commented out or not empty. |
| Info |
|---|
| Every key should either be commented out or non-empty. Commented-out settings contain the default value. |
Example configuration
The configuration example below shows:
- Enabled SSL with automatic redirection from http to https.
- The certificate is stored inside keystore located at C:\Keystores\keystore.p12 under alias xflicstat.
- The only allowed protocol is TLSv1.3.
- Only algorithms with long keys (HIGH) with support for authentication (!aNULL) and encryption (!eNULL) are allowed, and some weaker algorithms are blocked (!EXPORT:!DES:!RC4:!MD5:!kRSA).
...