rvsd
Command
Syntax
rvsd -storefilename
[-http [ip_address
:]http_port
]
[-https [ip_address
:]https_port
]
[-http-only]
[-https-only]
[-no-http]
[-no-permanent]
[-listen [socket_protocol
:|ip_address
:]tcp_port
]
[-no-lead-wc | -lead-wc]
[-no-multicast]
[-reliabilitytime
]
[-max-consumer-buffersize
]
[-rxc-max-lossloss
]
[-rxc-recv-thresholdbps
]
[-rxc-send-thresholdbps
]
[-reuse-portinbox_port
]
[-logfilelog_filename
]
[-log-max-sizesize
]
[-log-max-rotationsn
]
[-log-configconfig_log_filename
]
[-foreground]
[-udp-ttlhops
]
[-tls-min-proto-versionversion
]
[-tls-max-proto-versionversion
]
[-tls-ciphersstring1:string2:stringN
]
[-tls-ciphersuitesname1:name2:nameN
]
[-no-wc]
Purpose
The command rvsd
starts the Rendezvous secure communications daemon process—the secure counterpart to rvd.
Remarks
This section describes only those aspects where rvsd
differs from rvd. For details that both daemons share, see rvd.
Although rvd
usually starts automatically, administrators must start rvsd
by explicit command.
Command Line Parameters
Parameter |
Description |
|
This file contains the security parameters that configure
The secure daemon store file contains very sensitive information. Store it on the local file system of the secure daemon’s host computer, with tight file access, in a physically secure environment. Ensure timely backup to secure media. See also Store Files. |
|
The browser administration interface accepts connections on this HTTP or HTTPS port. Permit administration access only through the network interface specified by this IP address. To limit access to a browser on the When the IP address is absent, the daemon accepts connections through any network interface on the specified HTTP or HTTPS port. If the explicitly specified HTTP port is already occupied, the program exits. If the explicitly specified HTTPS port is already occupied, the program selects an ephemeral port. When the When the In all cases, the program prints (in its start banner and log file) the actual HTTP and HTTPS ports where it accepts browser administration interface connections. |
|
Disable HTTPS (secure) connections, leaving only an HTTP (non-secure) connection. |
|
Disable HTTP (non-secure) connections, leaving only an HTTPS (secure) connection. |
|
Disable all HTTP and HTTPS connections, overriding |
|
The IP address specifies the network interface through which this daemon accepts TLS connections. To bar connections from remote programs, specify IP address When the IP address is absent, the daemon accepts connections from any computer on the specified TLS port. When this parameter is entirely absent, the default behavior is to accept connections from any computer on TLS port 7500. For more detail about the choreography that establishes conduits, see Daemon Client Socket—Establishing Connections. Warning This parameter does not correspond to the |
|
If present (or when If not present, This parameter is not available with IPM. |
|
Sending to subjects with lead wildcards (for example, When When This parameter is not available with IPM. |
|
Send duplicate log output to this file for log items that record configuration changes. The daemon never rotates nor removes this special log file. Instead, this file remains as a record of all configuration changes. When absent, the default is |
|
These parameters are the same as for rvd. For details, see Command Line Parameters. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Set the minimum or maximum supported protocol versions for the ctx using OpenSSL calls |
|
Set the list of available ciphers (TLSv1.2 and earlier) using OpenSSL call |
|
Configure the available TLSv1.3 ciphersuites using OpenSSL call |
|
Silently drop any messages published by clients that contain any wild card tokens. |