Client SSL Communications Parameters
The following table lists parameters that are used only when performing SSL or tunnel transactions.
Parameter | Description |
---|---|
CertificateFileName | Defines the path to the certificate file used for an SSL transfer. It has no default value. There are separate parameters for the server and client, but the same file name can be used for both. For more information, see SSL Certificates Setup. |
PrivateKeyFileName | Defines the path to the file with the private key that is associated with the SSL certificate. It has no default value. There are separate parameters for the server and client, but the same file name can be used for both. For more information, see SSL Certificates Setup. |
PrivateKeyPwdFileName | Defines the path to the file with the private key password. It has no default value. To create this file, use the createPwd.exe program in the $CFROOT/util directory. If the same certificate is used for the server and client, then the same private key password can be used for the server and client as well. For more information, see SSL Certificates Setup. |
TrustedAuthorityFileName | Defines the path to the file with the trusted authority certificates. It has no default value. It defines all of the certificate authorities that are accepted by the server and client. There are separate parameters for the server and client, but the same file name can be used for both. For more information, see SSL Certificates Setup. |
SSLTraceLevel | Defines whether tracing is turned on for an SSL transfer. Tracing usually needs to be turned on only at the request of TIBCO Support for troubleshooting purposes. |
SSLTracePath | Defines the path to the SSL trace file. |
CheckCRL | Defines whether TIBCO MFT Platform Server checks the CAPath field for the hashed CRL files. For more information, see CRL Support. |
CAPath | Defines the path where the CRL checking looks for the hashed file names. For more information, see CRL Support. |
SSLEnabledProtocols | Defines which SSL protocols are supported when the platform server runs as an initiator. The valid values are any combination of the following options: TLSV1,TLSV1.1,TLSV1.2. The default value is TLSV1,TLSV1.1,TLSV1.2. The comma means "and". |
Ciphers | Defines the cipher suites that can be used for TLS negotiation between the server and the client. The default value is HIGH, which means that cipher suites with key lengths larger than 128 bits, and some cipher suites with 128-bit keys, can be used. In addition, you can list all supported cipher suites separated by colons. |
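
The following audit script is an added example, not TIBCO code. It flags TLSV1 and TLSV1.1 in SSLEnabledProtocols (both deprecated by RFC 8996, and both enabled by the documented default) and flags private key or key password files that group or other users can access. Assumptions: the parameters are available as `Name: Value` lines, the host uses POSIX file permissions, and `parse_params` and `audit` are hypothetical helper names.

```python
import os
import stat

KNOWN = {"TLSV1", "TLSV1.1", "TLSV1.2"}       # valid values listed in the table
DEPRECATED = {"TLSV1", "TLSV1.1"}             # deprecated by RFC 8996
DEFAULT_PROTOCOLS = "TLSV1,TLSV1.1,TLSV1.2"   # documented default
SECRET_FILES = ("PrivateKeyFileName", "PrivateKeyPwdFileName")

def parse_params(text):
    """Parse 'Name: Value' lines (assumed layout); '#' lines are skipped."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        name, value = line.split(":", 1)      # split once so paths with ':' survive
        params[name.strip()] = value.strip()
    return params

def audit(params):
    """Return a list of findings for the client SSL parameters."""
    findings = []
    raw = params.get("SSLEnabledProtocols", DEFAULT_PROTOCOLS)
    protocols = {p.strip().upper() for p in raw.split(",") if p.strip()}
    for p in sorted(protocols - KNOWN):
        findings.append(f"SSLEnabledProtocols: unknown value {p}")
    for p in sorted(protocols & DEPRECATED):
        findings.append(f"SSLEnabledProtocols: {p} is deprecated (RFC 8996)")
    for name in SECRET_FILES:
        path = params.get(name)
        if not path:
            continue
        if not os.path.isfile(path):
            findings.append(f"{name}: file not found")
        elif stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            findings.append(f"{name}: accessible by group or other")
    return findings

if __name__ == "__main__":
    # Constructed sample input; the paths are placeholders.
    sample = """\
# client SSL section (constructed)
SSLEnabledProtocols: TLSV1,TLSV1.1,TLSV1.2
PrivateKeyFileName: /path/to/client.key
PrivateKeyPwdFileName: /path/to/client.pwd
"""
    for finding in audit(parse_params(sample)):
        print(finding)
```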