Home Esplora Aiuto
Accedi
Kamailio
/
kamailio
mirror da https://github.com/kamailio/kamailio.git
2
0
Forka 0
File Problemi 0 Wiki
Ramo (Branch): cmaster
Rami (Branch) Tag
kamailio
/
doc
/
tutorials
/
cfg_list
/
docbook
/
cfg_tls.xml

cfg_tls.xml 9.4 KB
Permalink Cronologia Originale

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364 
  1. <?xml version="1.0" encoding="UTF-8"?>
    2. 

  2. <!-- this file is autogenerated, do not edit! -->
    3. 

  3. <!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
    4. 

  4. 	"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
    5. 

  5. <chapter id="config_vars.tls">
    6. 

  6. 	<title> Configuration Variables for tls</title>
    7. 

  7. 

  8. 

  9. <section id="tls.force_run">
    10. 

  10.     <title>tls.force_run</title>
    11. 

  11.     <para>
    12. 

  12.         force loading the tls module even when initial sanity checks
    13. 

  13.         fail.
    14. 

  14.     </para>
    15. 

  15.     <para>Default value: 0.</para>
    16. 

  16.     <para>Range: 0 - 1.</para>
    17. 

  17.     <para>Type: integer.</para>
    18. 

  18.     <para>
    19. 

  19.         Read-only.
    20. 

  20.     </para>
    21. 

  21. </section>
    22. 

  22. 

  23. <section id="tls.method">
    24. 

  24.     <title>tls.method</title>
    25. 

  25.     <para>
    26. 

  26.         TLS method used (TLSv1, SSLv3, SSLv2, SSLv23).
    27. 

  27.     </para>
    28. 

  28.     <para>Default value: &lt;unknown:str&gt;.</para>
    29. 

  29.     <para>Type: string.</para>
    30. 

  30.     <para>
    31. 

  31.         Read-only.
    32. 

  32.     </para>
    33. 

  33. </section>
    34. 

  34. 

  35. <section id="tls.verify_certificate">
    36. 

  36.     <title>tls.verify_certificate</title>
    37. 

  37.     <para>
    38. 

  38.         if enabled the certificates will be verified.
    39. 

  39.     </para>
    40. 

  40.     <para>Default value: 0.</para>
    41. 

  41.     <para>Range: 0 - 1.</para>
    42. 

  42.     <para>Type: integer.</para>
    43. 

  43.     <para>
    44. 

  44.         Read-only.
    45. 

  45.     </para>
    46. 

  46. </section>
    47. 

  47. 

  48. <section id="tls.verify_depth">
    49. 

  49.     <title>tls.verify_depth</title>
    50. 

  50.     <para>
    51. 

  51.         sets how far up the certificate chain will the certificate
    52. 

  52.         verification go in the search for a trusted CA.
    53. 

  53.     </para>
    54. 

  54.     <para>Default value: 9.</para>
    55. 

  55.     <para>Range: 0 - 100.</para>
    56. 

  56.     <para>Type: integer.</para>
    57. 

  57.     <para>
    58. 

  58.         Read-only.
    59. 

  59.     </para>
    60. 

  60. </section>
    61. 

  61. 

  62. <section id="tls.require_certificate">
    63. 

  63.     <title>tls.require_certificate</title>
    64. 

  64.     <para>
    65. 

  65.         if enabled a certificate will be required from clients.
    66. 

  66.     </para>
    67. 

  67.     <para>Default value: 0.</para>
    68. 

  68.     <para>Range: 0 - 1.</para>
    69. 

  69.     <para>Type: integer.</para>
    70. 

  70.     <para>
    71. 

  71.         Read-only.
    72. 

  72.     </para>
    73. 

  73. </section>
    74. 

  74. 

  75. <section id="tls.private_key">
    76. 

  76.     <title>tls.private_key</title>
    77. 

  77.     <para>
    78. 

  78.         name of the file containing the private key (pem format), if
    79. 

  79.         not contained in the certificate file.
    80. 

  80.     </para>
    81. 

  81.     <para>Default value: &lt;unknown:str&gt;.</para>
    82. 

  82.     <para>Type: string.</para>
    83. 

  83.     <para>
    84. 

  84.         Read-only.
    85. 

  85.     </para>
    86. 

  86. </section>
    87. 

  87. 

  88. <section id="tls.ca_list">
    89. 

  89.     <title>tls.ca_list</title>
    90. 

  90.     <para>
    91. 

  91.         name of the file containing the trusted CA list (pem format).
    92. 

  92.     </para>
    93. 

  93.     <para>Default value: &lt;unknown:str&gt;.</para>
    94. 

  94.     <para>Type: string.</para>
    95. 

  95.     <para>
    96. 

  96.         Read-only.
    97. 

  97.     </para>
    98. 

  98. </section>
    99. 

  99. 

  100. <section id="tls.crl">
    101. 

  101.     <title>tls.crl</title>
    102. 

  102.     <para>
    103. 

  103.         name of the file containing the CRL  (certificare revocation
    104. 

  104.         list in pem format).
    105. 

  105.     </para>
    106. 

  106.     <para>Default value: &lt;unknown:str&gt;.</para>
    107. 

  107.     <para>Type: string.</para>
    108. 

  108.     <para>
    109. 

  109.         Read-only.
    110. 

  110.     </para>
    111. 

  111. </section>
    112. 

  112. 

  113. <section id="tls.certificate">
    114. 

  114.     <title>tls.certificate</title>
    115. 

  115.     <para>
    116. 

  116.         name of the file containing the certificate (pem format).
    117. 

  117.     </para>
    118. 

  118.     <para>Default value: &lt;unknown:str&gt;.</para>
    119. 

  119.     <para>Type: string.</para>
    120. 

  120.     <para>
    121. 

  121.         Read-only.
    122. 

  122.     </para>
    123. 

  123. </section>
    124. 

  124. 

  125. <section id="tls.cipher_list">
    126. 

  126.     <title>tls.cipher_list</title>
    127. 

  127.     <para>
    128. 

  128.         list of the accepted ciphers (strings separated by colons).
    129. 

  129.     </para>
    130. 

  130.     <para>Default value: &lt;unknown:str&gt;.</para>
    131. 

  131.     <para>Type: string.</para>
    132. 

  132.     <para>
    133. 

  133.         Read-only.
    134. 

  134.     </para>
    135. 

  135. </section>
    136. 

  136. 

  137. <section id="tls.session_cache">
    138. 

  138.     <title>tls.session_cache</title>
    139. 

  139.     <para>
    140. 

  140.         enables or disables the session cache.
    141. 

  141.     </para>
    142. 

  142.     <para>Default value: 0.</para>
    143. 

  143.     <para>Range: 0 - 1.</para>
    144. 

  144.     <para>Type: integer.</para>
    145. 

  145.     <para>
    146. 

  146.         Read-only.
    147. 

  147.     </para>
    148. 

  148. </section>
    149. 

  149. 

  150. <section id="tls.session_id">
    151. 

  151.     <title>tls.session_id</title>
    152. 

  152.     <para>
    153. 

  153.         string used for the session id.
    154. 

  154.     </para>
    155. 

  155.     <para>Default value: &lt;unknown:str&gt;.</para>
    156. 

  156.     <para>Type: string.</para>
    157. 

  157.     <para>
    158. 

  158.         Read-only.
    159. 

  159.     </para>
    160. 

  160. </section>
    161. 

  161. 

  162. <section id="tls.config">
    163. 

  163.     <title>tls.config</title>
    164. 

  164.     <para>
    165. 

  165.         tls config file name (used for the per domain options).
    166. 

  166.     </para>
    167. 

  167.     <para>Default value: &lt;unknown:str&gt;.</para>
    168. 

  168.     <para>Type: string.</para>
    169. 

  169.     <para>
    170. 

  170.     </para>
    171. 

  171. </section>
    172. 

  172. 

  173. <section id="tls.log">
    174. 

  174.     <title>tls.log</title>
    175. 

  175.     <para>
    176. 

  176.         tls info messages log level.
    177. 

  177.     </para>
    178. 

  178.     <para>Default value: 3.</para>
    179. 

  179.     <para>Range: 0 - 1000.</para>
    180. 

  180.     <para>Type: integer.</para>
    181. 

  181.     <para>
    182. 

  182.     </para>
    183. 

  183. </section>
    184. 

  184. 

  185. <section id="tls.debug">
    186. 

  186.     <title>tls.debug</title>
    187. 

  187.     <para>
    188. 

  188.         tls debug messages log level.
    189. 

  189.     </para>
    190. 

  190.     <para>Default value: 3.</para>
    191. 

  191.     <para>Range: 0 - 1000.</para>
    192. 

  192.     <para>Type: integer.</para>
    193. 

  193.     <para>
    194. 

  194.     </para>
    195. 

  195. </section>
    196. 

  196. 

  197. <section id="tls.connection_timeout">
    198. 

  198.     <title>tls.connection_timeout</title>
    199. 

  199.     <para>
    200. 

  200.         initial connection lifetime (in s) (obsolete).
    201. 

  201.     </para>
    202. 

  202.     <para>Default value: 600.</para>
    203. 

  203.     <para>Range: -1 - -2147483648.</para>
    204. 

  204.     <para>Type: integer.</para>
    205. 

  205.     <para>
    206. 

  206.     </para>
    207. 

  207. </section>
    208. 

  208. 

  209. <section id="tls.disable_compression">
    210. 

  210.     <title>tls.disable_compression</title>
    211. 

  211.     <para>
    212. 

  212.         if set disable the built-in OpenSSL compression.
    213. 

  213.     </para>
    214. 

  214.     <para>Default value: 1.</para>
    215. 

  215.     <para>Range: 0 - 1.</para>
    216. 

  216.     <para>Type: integer.</para>
    217. 

  217.     <para>
    218. 

  218.         Read-only.
    219. 

  219.     </para>
    220. 

  220. </section>
    221. 

  221. 

  222. <section id="tls.ssl_release_buffers">
    223. 

  223.     <title>tls.ssl_release_buffers</title>
    224. 

  224.     <para>
    225. 

  225.         quickly release internal OpenSSL read or write buffers. Works
    226. 

  226.         only for OpenSSL &gt;= 1.0..
    227. 

  227.     </para>
    228. 

  228.     <para>Default value: -1.</para>
    229. 

  229.     <para>Range: -1 - 1.</para>
    230. 

  230.     <para>Type: integer.</para>
    231. 

  231.     <para>
    232. 

  232.         Read-only.
    233. 

  233.     </para>
    234. 

  234. </section>
    235. 

  235. 

  236. <section id="tls.ssl_free_list_max">
    237. 

  237.     <title>tls.ssl_free_list_max</title>
    238. 

  238.     <para>
    239. 

  239.         maximum number of free/cached memory chunks that OpenSSL will
    240. 

  240.         keep per connection. Works only for OpenSSL &gt;= 1.0..
    241. 

  241.     </para>
    242. 

  242.     <para>Default value: -1.</para>
    243. 

  243.     <para>Range: -1 - 1073741824.</para>
    244. 

  244.     <para>Type: integer.</para>
    245. 

  245.     <para>
    246. 

  246.         Read-only.
    247. 

  247.     </para>
    248. 

  248. </section>
    249. 

  249. 

  250. <section id="tls.ssl_max_send_fragment">
    251. 

  251.     <title>tls.ssl_max_send_fragment</title>
    252. 

  252.     <para>
    253. 

  253.         sets the maximum number of bytes (clear text) send into one TLS
    254. 

  254.         record. Valid values are between 512 and 16384. Works only for
    255. 

  255.         OpenSSL &gt;= 0.9.9.
    256. 

  256.     </para>
    257. 

  257.     <para>Default value: -1.</para>
    258. 

  258.     <para>Range: -1 - 65536.</para>
    259. 

  259.     <para>Type: integer.</para>
    260. 

  260.     <para>
    261. 

  261.         Read-only.
    262. 

  262.     </para>
    263. 

  263. </section>
    264. 

  264. 

  265. <section id="tls.ssl_read_ahead">
    266. 

  266.     <title>tls.ssl_read_ahead</title>
    267. 

  267.     <para>
    268. 

  268.         Enables read ahead, reducing the number of BIO read calls done
    269. 

  269.         internally by the OpenSSL library. Note that in newer tls
    270. 

  270.         module versions it is better to have read ahead disabled, since
    271. 

  271.         everything it is buffered in memory anyway.
    272. 

  272.     </para>
    273. 

  273.     <para>Default value: 0.</para>
    274. 

  274.     <para>Range: -1 - 1.</para>
    275. 

  275.     <para>Type: integer.</para>
    276. 

  276.     <para>
    277. 

  277.         Read-only.
    278. 

  278.     </para>
    279. 

  279. </section>
    280. 

  280. 

  281. <section id="tls.low_mem_threshold1">
    282. 

  282.     <title>tls.low_mem_threshold1</title>
    283. 

  283.     <para>
    284. 

  284.         sets the minimum amount of free memory for accepting new TLS
    285. 

  285.         connections (KB).
    286. 

  286.     </para>
    287. 

  287.     <para>Default value: -1.</para>
    288. 

  288.     <para>Range: -1 - 1073741824.</para>
    289. 

  289.     <para>Type: integer.</para>
    290. 

  290.     <para>
    291. 

  291.     </para>
    292. 

  292. </section>
    293. 

  293. 

  294. <section id="tls.low_mem_threshold2">
    295. 

  295.     <title>tls.low_mem_threshold2</title>
    296. 

  296.     <para>
    297. 

  297.         sets the minimum amount of free memory after which no more TLS
    298. 

  298.         operations will be attempted (even on existing connections).
    299. 

  299.     </para>
    300. 

  300.     <para>Default value: -1.</para>
    301. 

  301.     <para>Range: -1 - 1073741824.</para>
    302. 

  302.     <para>Type: integer.</para>
    303. 

  303.     <para>
    304. 

  304.     </para>
    305. 

  305. </section>
    306. 

  306. 

  307. <section id="tls.ct_wq_max">
    308. 

  308.     <title>tls.ct_wq_max</title>
    309. 

  309.     <para>
    310. 

  310.         maximum bytes queued globally for write when write has to wait
    311. 

  311.         due to TLS-level renegotiation (SSL_ERROR_WANT_READ) or initial
    312. 

  312.         TLS connection establishment (it is different from tcp.wq_max,
    313. 

  313.         which works at the TCP connection level).
    314. 

  314.     </para>
    315. 

  315.     <para>Default value: 10485760.</para>
    316. 

  316.     <para>Range: 0 - 1073741824.</para>
    317. 

  317.     <para>Type: integer.</para>
    318. 

  318.     <para>
    319. 

  319.     </para>
    320. 

  320. </section>
    321. 

  321. 

  322. <section id="tls.con_ct_wq_max">
    323. 

  323.     <title>tls.con_ct_wq_max</title>
    324. 

  324.     <para>
    325. 

  325.         maximum bytes queued for write per connection when write has to
    326. 

  326.         wait due to TLS-level renegotiation (SSL_ERROR_WANT_READ) or
    327. 

  327.         initial TLS connection establishment (it is different from
    328. 

  328.         tcp.conn_wq_max, which works at the TCP connection level).
    329. 

  329.     </para>
    330. 

  330.     <para>Default value: 65536.</para>
    331. 

  331.     <para>Range: 0 - 4194304.</para>
    332. 

  332.     <para>Type: integer.</para>
    333. 

  333.     <para>
    334. 

  334.     </para>
    335. 

  335. </section>
    336. 

  336. 

  337. <section id="tls.ct_wq_blk_size">
    338. 

  338.     <title>tls.ct_wq_blk_size</title>
    339. 

  339.     <para>
    340. 

  340.         internal TLS pre-write (clear-text) queue minimum block size
    341. 

  341.         (advanced tunning or debugging for now).
    342. 

  342.     </para>
    343. 

  343.     <para>Default value: 4096.</para>
    344. 

  344.     <para>Range: 1 - 65536.</para>
    345. 

  345.     <para>Type: integer.</para>
    346. 

  346.     <para>
    347. 

  347.     </para>
    348. 

  348. </section>
    349. 

  349. 

  350. <section id="tls.send_close_notify">
    351. 

  351.     <title>tls.send_close_notify</title>
    352. 

  352.     <para>
    353. 

  353.         enable/disable sending a close notify TLS shutdown alert before
    354. 

  354.         closing the corresponding TCP connection.Note that having it
    355. 

  355.         enabled has a performance impact..
    356. 

  356.     </para>
    357. 

  357.     <para>Default value: 0.</para>
    358. 

  358.     <para>Range: 0 - 1.</para>
    359. 

  359.     <para>Type: integer.</para>
    360. 

  360.     <para>
    361. 

  361.     </para>
    362. 

  362. </section>
    363. 

  363. 

  364. </chapter>
    365.