Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

SettingDefaultDescription
HTTP_SSL FALSEMay be set to TRUE or FALSE. To enable SSL, set it to TRUE.
HTTP_SSL_REDIRECT FALSEMay be set to TRUE or FALSE. Set the value to TRUE to enable automatic redirection from http to https.
SSL_KEYSTORE emptyPath to keystore with loaded certificate and its private key.
SSL_KEYSTORE_PASSWORD emptyPassword to keystore.
SSL_KEYSTORE_KEY_ALIAS xflicstatKey under which certificate is stored inside keystore.
SSL_PROTOCOLS TLSv1.1,TLSv1.2,TLSv1.3Defines which SSL/TLS protocols are enabled. This setting should either be commented out or not empty.
SSL_CIPHERS HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSAList of enabled/disabled ciphers. This setting should either be commented out or not empty.



Info
Every key should either be commented out or non-empty. Commented-out settings contain the default value.


Example configuration

The configuration example below shows:

  • Enabled SSL with automatic redirection from http to https.
  • The certificate is stored inside keystore located at C:\Keystores\keystore.p12 under alias xflicstat. 
  • The only allowed protocol is TLSv1.3
  • Only algorithms with long keys (HIGH) with support for authentication (!aNULL) and encryption (!eNULL) are allowed, and some weaker algorithms are blocked (!EXPORT:!DES:!RC4:!MD5:!kRSA).

...