SSL can be enabled in the xflicstat.cfg file. Available settings include the following.
| Setting | Default | Description |
|---|---|---|
| HTTP_SSL | FALSE | May be set to TRUE or FALSE. To enable SSL, set it to TRUE. |
| HTTP_SSL_REDIRECT | FALSE | May be set to TRUE or FALSE. Set the value to TRUE to enable automatic redirection from http to https. |
| SSL_KEYSTORE | empty | Path to keystore with loaded certificate and its private key. |
| SSL_KEYSTORE_PASSWORD | empty | Password to keystore. |
| SSL_KEYSTORE_KEY_ALIAS | xflicstat | Key under which certificate is stored inside keystore. |
| SSL_PROTOCOLS | TLSv1.1,TLSv1.2,TLSv1.3 | Defines which SSL/TLS protocols are enabled. |
| SSL_CIPHERS | HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA | List of enabled/disabled ciphers. |
Every key should either be commented out or non-empty. Commented-out settings contain the default value.
Example configuration
The configuration example below shows:
- Enabled SSL with automatic redirection from http to https.
- The certificate is stored inside keystore located at C:\Keystores\keystore.p12 under alias xflicstat.
- The only allowed protocol is TLSv1.2.
- Only algorithms with long keys (HIGH) with support for authentication (!aNULL) and encryption (!eNULL) are allowed, and some weaker algorithms are blocked (!EXPORT:!DES:!RC4:!MD5:!kRSA).
HTTP_SSL = TRUE HTTP_SSL_REDIRECT = TRUE SSL_KEYSTORE = C:\Keystores\keystore.p12 SSL_KEYSTORE_PASSWORD = Password123 SSL_KEYSTORE_KEY_ALIAS = xflicstat SSL_PROTOCOLS = TLSv1.2 SSL_CIPHERS = HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA