Server SSL Communications Parameters
The following table lists parameters (in alphabetical order) that are only used when performing SSL or Tunnel transfers.
Parameter Name | Description |
---|---|
AuthorizationFileName | Defines the path to the authorization file to be used with SSL transfers. If this parameter is not defined or is set to N, TIBCO MFT Platform Server does not perform additional authentication on the client certificate. This parameter is only valid when ClientVerification is set to Y. A sample authorization file, SSLAuth.cfg, is located in the $CFROOT/config directory. For more information on configuring this file, see Configured SSL Authorization. |
CAPath | Defines the path where the CRL checking looks for the hashed file names. For more information, see CRL Support. |
CertificateFileName | Defines the path to the certificate file used for an SSL or Tunnel transfer. Note: It has no default value. There are separate parameters for server and client, but the same file name can be used for both. For more information, see SSL Certificates Setup. |
CheckCRL | Defines whether incoming TIBCO MFT Platform Server SSL or Tunnel checks the CAPath field for the hashed CRL files. For more information, see CRL Support. |
Ciphers | Defines the cipher suites that can be used for TLS negotiation between the server and the client. The default value is HIGH, which means that cipher suites with key lengths larger than 128 bits, and some cipher suites with 128-bit keys, can be used. In addition, you can list all supported cipher suites separated by colons. You can list the ciphers supported by OpenSSL by using the openssl command. Examples: List TLS Ciphers: List 'high' encryption TLS Cipher suites: |
ClientVerification | Defines whether TIBCO MFT Platform Server performs SSL client authentication. The valid values are: For more information, see SSL Certificates Setup. |
PrivateKeyFileName | Defines the path to the file with the private key that is associated with the SSL certificate. Note: It has no default value. There are separate parameters for server and client, but the same file name can be used for both. For more information, see SSL Certificates Setup. |
PrivateKeyPwdFileName | Defines the path to the file with the private key password. It has no default value. To create this file, use the createPwd.exe file in the $CFROOT/util directory. Note: If the same certificate is used for a TIBCO MFT Platform Server server and a TIBCO MFT Platform Server client, the same private key password can be used for the server and client as well. For more information, see SSL Certificates Setup. |
SSLEnabledProtocols | Defines which SSL protocols are supported when the platform server runs as a responder. The valid values are any combination of the following options: TLSV1,TLSV1.1,TLSV1.2. The default value is TLSV1,TLSV1.1,TLSV1.2. The comma means "and". |
SSLPort | Defines the IP port on which TIBCO MFT Platform Server listens for incoming SSL requests. The valid values are from 1024 to 65535, because lower ports are usually reserved for standard applications. The default value is 56565. |
SSLPortIPv6 | Defines the IPv6 port on which TIBCO MFT Platform Server listens for incoming SSL requests. The valid values are N or any number ranging from 1024 to 65535, because lower ports are usually reserved for standard applications. If this parameter is not defined, then responder IPv6 SSL processing is disabled. If non-SSL requests are received on this port, then an error message is sent to the initiator and the request is terminated. This field must be different from the PortIPv6 parameter. |
SSLTraceLevel | Defines whether tracing is turned on for an SSL transfer. Tracing usually needs to be turned on only at the request of TIBCO Support for troubleshooting purposes. |
SSLTracePath | Defines the path to the SSL trace file. The path of the SSL trace file is $CFROOT/trace/ResponderSSL under the SERVER section. Normally these files are only used when debugging SSL-related problems. |
TrustedAuthorityFileName | Defines the path to the file with trusted authority certificates. It has no default value. Use this parameter to define all the certificate authorities that are accepted by both a TIBCO MFT Platform Server server and a TIBCO MFT Platform Server client. Note: There are separate parameters for server and client, but the same file name can be used for both. For more information, see SSL Certificates Setup. |
TunnelPort | Defines the IP port on which TIBCO MFT Platform Server listens for incoming tunnel requests. The valid values are from 1024 to 65535, because lower ports are usually reserved for standard applications. The default value is 58585. |
TunnelPortIPv6 | Defines the IPv6 port on which TIBCO MFT Platform Server listens for incoming tunnel requests. The valid values are N or any number ranging from 1024 to 65535, because lower ports are usually reserved for standard applications. If this parameter is not defined, then responder IPv6 tunnel processing is disabled. This field must be different from the PortIPv6 parameter. |
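
The constraints stated in this table can be checked mechanically before a configuration is deployed. The following is an added example, not TIBCO code: it assumes a `Name: Value` line format and a constructed sample configuration, treats an undefined IPv6 port as N, and additionally flags TLS 1.0/1.1, which RFC 8996 deprecates.

```python
import re

# Constructed sample. The "Name: Value" line format is an assumption of this
# example; the parameter names and $CFROOT path come from the table above.
SAMPLE = """\
ClientVerification: N
AuthorizationFileName: $CFROOT/config/SSLAuth.cfg
SSLEnabledProtocols: TLSV1,TLSV1.1,TLSV1.2
SSLPort: 56565
SSLPortIPv6: 46464
PortIPv6: 46464
TunnelPort: 443
"""

VALID_PROTOCOLS = {"TLSV1", "TLSV1.1", "TLSV1.2"}  # valid values per the table
DEPRECATED = {"TLSV1", "TLSV1.1"}                  # TLS 1.0/1.1, see RFC 8996

def parse(text):
    """Return {name: value}; lines that are not 'Name: Value' are skipped."""
    pairs = (re.match(r"\s*(\w+)\s*:\s*(.*?)\s*$", ln) for ln in text.splitlines())
    return {m.group(1): m.group(2) for m in pairs if m}

def port_ok(value, allow_n):
    if allow_n and value.upper() == "N":
        return True
    return value.isdigit() and 1024 <= int(value) <= 65535

def audit(cfg):
    """Return (parameter, problem) tuples for rules stated in the table."""
    out = []
    auth = cfg.get("AuthorizationFileName", "N")
    if auth.upper() != "N" and cfg.get("ClientVerification", "").upper() != "Y":
        out.append(("AuthorizationFileName", "ignored unless ClientVerification is Y"))
    protos = {p.strip().upper() for p in
              cfg.get("SSLEnabledProtocols", "TLSV1,TLSV1.1,TLSV1.2").split(",")}
    if protos - VALID_PROTOCOLS:
        out.append(("SSLEnabledProtocols", f"unknown: {sorted(protos - VALID_PROTOCOLS)}"))
    if protos & DEPRECATED:
        out.append(("SSLEnabledProtocols", f"deprecated: {sorted(protos & DEPRECATED)}"))
    # (name, value used when undefined, whether N is an accepted value)
    for name, default, allow_n in (("SSLPort", "56565", False), ("TunnelPort", "58585", False),
                                   ("SSLPortIPv6", "N", True), ("TunnelPortIPv6", "N", True)):
        value = cfg.get(name, default)
        if not port_ok(value, allow_n):
            out.append((name, "must be 1024-65535" + (" or N" if allow_n else "")))
        elif allow_n and value.upper() != "N" and value == cfg.get("PortIPv6"):
            out.append((name, "must differ from PortIPv6"))
    return out
```

Calling `audit(parse(SAMPLE))` reports four findings for the constructed sample; a configuration with ClientVerification set to Y, only TLSV1.2 enabled and default ports returns an empty list.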