Provider - SSL Context
Search form
Description - This provider creates a reusable configuration for providing authentication and data encryption via TLS/SSL.
Runtime Class - com.iwaysoftware.eclipse.template.SslContextProviderType
Parameter Groups
Parameter Type Description * Keystore: string Configured Security Provider for the keystore you wish to use for this SSL context. Choose "default" to use the default SSL Keystore Provider. Keystores hold private keys.
Click below for a definition:
* Truststore: string Configured Security Provider for the truststore you wish to use for this SSL context. Choose "default" to use the default SSL Keystore Provider. Truststores hold the certificate of Trusted CAs used to verify peer certificates.
Click below for a definition:
* Security Protocol: string Specify the version of security protocol that should be used. During SSL handshake, a negotiation selects the protocol to be used from the best mutually supported. This field sets the minimum acceptable security protocol. If the handshake cannot select a mutually supported protocol, the connection fails.
Select from one of the following options:
- Default {Default}
- SSL {SSL}
- SSLv3 {SSLv3}
- TLS {TLS}
- TLSv1 {TLSv1}
- TLSv1.1 {TLSv1.1}
- TLSv1.2 {TLSv1.2}
Hostname Verification: boolean If true, client SSL connections using this provider will attempt to verify that the server's certificate matches its host name.
Client Authentication: boolean If true, servers using this provider will use SSL client authentication, that is, the server must receive and authenticate a certificate from the client as part of the SSL handshake.
* - denotes required
Parameter Type Description Cache Size: integer The maximum number of SSL sessions that will be retained in the session cache. Sessions in the cache can be reconnected with less overhead than those not cached.
Timeout: integer Maximum length of time (in seconds) that an SSL session can remain in the cache.
* - denotes required
Parameter Type Description JCE PKIX Trust Manager Provider: string JCE provider to construct PKIX Trust Manager. Choose 'Not Specified' for default.
Select from one of the following options:
- NOT_SPECIFIED {NOT_SPECIFIED}
- SunJSSE {SunJSSE}
JCE Signature Provider: string JCE provider used to verify digital certificate signatures during handshake.
Select from one of the following options:
- NOT_SPECIFIED {NOT_SPECIFIED}
- SUN {SUN}
- SunRsaSign {SunRsaSign}
- SunEC {SunEC}
- SunJSSE {SunJSSE}
- SunMSCAPI {SunMSCAPI}
* - denotes required
Parameter Type Description Certificate Store: string Certificate store from which certificate revocation lists are loaded.
Click below for a definition:
null
null
Keystore Configuration
LDAP Configuration
Enable Certificate Revocation: boolean Enable CRL or OCSP checking of certificates during handshake.
* - denotes required
Parameter Type Description JCE SSL Context Provider: string JCE Provider for the SSL Context
Select from one of the following options:
- NOT_SPECIFIED {NOT_SPECIFIED}
- SunJSSE {SunJSSE}
Server Key Alias: string Alias for the key to be used to identify secure servers using this SSL context. If not supplied, the key will be selected using JSSE default behavior.
Client Key Alias: string Alias for the key to be used to identify secure clients using this SSL context. If not supplied, the key will be selected using JSSE default behavior.
OCSP Responder: string Name of the OCSP Responder provider. This verifies the status of certificates online instead of relying on Certificate Revocation Lists.
Click below for a definition:
null
Enabled Cipher Suites: string If supplied, only cipher suites on this list will be enabled for SSL sockets or SSL engines created using this provider. The user must take care that enabled cipher suites are supported by other components specified. Enter as comma-delimited list or use FILE() function. If left blank, all available cipher suites will be enabled and be available during SSL negotiation.
* - denotes required
Runtime Class - com.iwaysoftware.eclipse.template.SslContextProviderType
Parameter Groups
Parameter Type Description * Keystore: string Configured Security Provider for the keystore you wish to use for this SSL context. Choose "default" to use the default SSL Keystore Provider. Keystores hold private keys.
Click below for a definition:
* Truststore: string Configured Security Provider for the truststore you wish to use for this SSL context. Choose "default" to use the default SSL Keystore Provider. Truststores hold the certificate of Trusted CAs used to verify peer certificates.
Click below for a definition:
* Security Protocol: string Specify the version of security protocol that should be used. During SSL handshake, a negotiation selects the protocol to be used from the best mutually supported. This field sets the minimum acceptable security protocol. If the handshake cannot select a mutually supported protocol, the connection fails.
Select from one of the following options:
- Default {Default}
- SSL {SSL}
- SSLv3 {SSLv3}
- TLS {TLS}
- TLSv1 {TLSv1}
- TLSv1.1 {TLSv1.1}
- TLSv1.2 {TLSv1.2}
Hostname Verification: boolean If true, client SSL connections using this provider will attempt to verify that the server's certificate matches its host name.
Client Authentication: boolean If true, servers using this provider will use SSL client authentication, that is, the server must receive and authenticate a certificate from the client as part of the SSL handshake.
* - denotes required
Parameter Type Description Cache Size: integer The maximum number of SSL sessions that will be retained in the session cache. Sessions in the cache can be reconnected with less overhead than those not cached.
Timeout: integer Maximum length of time (in seconds) that an SSL session can remain in the cache.
* - denotes required
Parameter Type Description JCE PKIX Trust Manager Provider: string JCE provider to construct PKIX Trust Manager. Choose 'Not Specified' for default.
Select from one of the following options:
- NOT_SPECIFIED {NOT_SPECIFIED}
- SunJSSE {SunJSSE}
JCE Signature Provider: string JCE provider used to verify digital certificate signatures during handshake.
Select from one of the following options:
- NOT_SPECIFIED {NOT_SPECIFIED}
- SUN {SUN}
- SunRsaSign {SunRsaSign}
- SunEC {SunEC}
- SunJSSE {SunJSSE}
- SunMSCAPI {SunMSCAPI}
* - denotes required
Parameter Type Description Certificate Store: string Certificate store from which certificate revocation lists are loaded.
Click below for a definition:
null
null
Keystore Configuration
LDAP Configuration
Enable Certificate Revocation: boolean Enable CRL or OCSP checking of certificates during handshake.
* - denotes required
Parameter Type Description JCE SSL Context Provider: string JCE Provider for the SSL Context
Select from one of the following options:
- NOT_SPECIFIED {NOT_SPECIFIED}
- SunJSSE {SunJSSE}
Server Key Alias: string Alias for the key to be used to identify secure servers using this SSL context. If not supplied, the key will be selected using JSSE default behavior.
Client Key Alias: string Alias for the key to be used to identify secure clients using this SSL context. If not supplied, the key will be selected using JSSE default behavior.
OCSP Responder: string Name of the OCSP Responder provider. This verifies the status of certificates online instead of relying on Certificate Revocation Lists.
Click below for a definition:
null
Enabled Cipher Suites: string If supplied, only cipher suites on this list will be enabled for SSL sockets or SSL engines created using this provider. The user must take care that enabled cipher suites are supported by other components specified. Enter as comma-delimited list or use FILE() function. If left blank, all available cipher suites will be enabled and be available during SSL negotiation.
* - denotes required
Parameter Groups
| Parameter | Type | Description | |
|---|---|---|---|
| * | Keystore: | string | Configured Security Provider for the keystore you wish to use for this SSL context. Choose "default" to use the default SSL Keystore Provider. Keystores hold private keys.
Click below for a definition: |
* | Truststore: | string | Configured Security Provider for the truststore you wish to use for this SSL context. Choose "default" to use the default SSL Keystore Provider. Truststores hold the certificate of Trusted CAs used to verify peer certificates.
Click below for a definition: |
* | Security Protocol: | string | Specify the version of security protocol that should be used. During SSL handshake, a negotiation selects the protocol to be used from the best mutually supported. This field sets the minimum acceptable security protocol. If the handshake cannot select a mutually supported protocol, the connection fails.
Select from one of the following options:
|
Hostname Verification: | boolean | If true, client SSL connections using this provider will attempt to verify that the server's certificate matches its host name. | Client Authentication: | boolean | If true, servers using this provider will use SSL client authentication, that is, the server must receive and authenticate a certificate from the client as part of the SSL handshake. |
* - denotes required
| Parameter | Type | Description | |
|---|---|---|---|
| Cache Size: | integer | The maximum number of SSL sessions that will be retained in the session cache. Sessions in the cache can be reconnected with less overhead than those not cached. | Timeout: | integer | Maximum length of time (in seconds) that an SSL session can remain in the cache. |
* - denotes required
| Parameter | Type | Description | |
|---|---|---|---|
| JCE PKIX Trust Manager Provider: | string | JCE provider to construct PKIX Trust Manager. Choose 'Not Specified' for default.
Select from one of the following options:
|
JCE Signature Provider: | string | JCE provider used to verify digital certificate signatures during handshake.
Select from one of the following options:
|
* - denotes required
| Parameter | Type | Description | |
|---|---|---|---|
| Certificate Store: | string | Certificate store from which certificate revocation lists are loaded.
Click below for a definition:
|
Enable Certificate Revocation: | boolean | Enable CRL or OCSP checking of certificates during handshake. |
* - denotes required
| Parameter | Type | Description | |
|---|---|---|---|
| JCE SSL Context Provider: | string | JCE Provider for the SSL Context
Select from one of the following options:
|
Server Key Alias: | string | Alias for the key to be used to identify secure servers using this SSL context. If not supplied, the key will be selected using JSSE default behavior. | Client Key Alias: | string | Alias for the key to be used to identify secure clients using this SSL context. If not supplied, the key will be selected using JSSE default behavior. | OCSP Responder: | string | Name of the OCSP Responder provider. This verifies the status of certificates online instead of relying on Certificate Revocation Lists.
Click below for a definition:
|
Enabled Cipher Suites: | string | If supplied, only cipher suites on this list will be enabled for SSL sockets or SSL engines created using this provider. The user must take care that enabled cipher suites are supported by other components specified. Enter as comma-delimited list or use FILE() function. If left blank, all available cipher suites will be enabled and be available during SSL negotiation. |