Diffstat (limited to 'TAO/docs/Security/SSLIOP-USAGE.html')
-rw-r--r-- TAO/docs/Security/SSLIOP-USAGE.html 24
1 files changed, 24 insertions, 0 deletions
diff --git a/TAO/docs/Security/SSLIOP-USAGE.html b/TAO/docs/Security/SSLIOP-USAGE.html
index 8db70f6cd6b..32e44812fbe 100644
--- a/TAO/docs/Security/SSLIOP-USAGE.html
+++ b/TAO/docs/Security/SSLIOP-USAGE.html
@@ -163,6 +163,30 @@ function MM_nbGroup(event, grpName) { //v3.0
the client preferences. When not set, the SSL server will always
follow the clients preferences.</td>
</tr>
+ <tr>
+ <td><code>-SSLCAfile</code> <em>filename</em></td>
+ <td>Provide a file containing a trusted certificate, overriding the file named by SSL_CERT_FILE environment variable.</td>
+ </tr>
+ <tr>
+ <td><code>-SSLCApath</code> <em>directory</em></td>
+ <td>Provide a directory from which all files are read for trusted certificates overriding the directory named by SSL_CERT_DIR environment variable.<</td>
+ </tr>
+ <tr>
+ <td><code>-SSLrand</code> <em>filelist</em></td>
+ <td>Provide additional entropy from the named sources. Works in conjuction with any value supplied via SSL_RAND_FILE environment variable.</td>
+ </tr>
+ <tr>
+ <td><code>-SSLVersionList</code> <em>versions</em></td>
+ <td>Unlike the cipher list option, this takes a list of SSL versions to support. List is a comma separated string containing any of SSLv2, SSLv3, TLSv1, TLSv1.1, or TLSv1.2. If <code>-SSLVersionList</code> is not supplied, SSL will support all of these versions. </td>
+ </tr>
+ <tr>
+ <td><code>-SSLPassword</code> <em>specifier</em></td>
+ <td>if the supplied <code>-SSLPrivateKey</code> is password protected, this option enables overriding the default password entry. The supplied specifier can be <code>prompt:</code><em>message</em> to prompt a user for entry, <code>file:</code><em>filename</em> reads a plain text file, <code>env:</code><em>envvarname</em>, or simply <em>thepassword</em>. Clearly using any option apart from prompt: weakens the protection. </td>
+ </tr>
+ <tr>
+ <td><code>-SSLCheckHost</code></td>
+ <td>Adds a verification of the peer address to the connection completion process. This feature requires OpenSSL 1.0.2 or newer and performs a reverse DNS lookup to find the originating hostname. If the version of ssl used does not support <code>X509_check_host()</code>, the peer address does not map to a cannonical host name, or the peer did not provide an X.509 certificate, the connection will fail. </td>
+ </tr>
</table>
<h4>Environment variables</h4>
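Review bot: The -SSLCApath row ends with a stray "<" before the closing tag ("environment variable.<</td>"), which will render as a literal character or confuse stricter HTML parsers; drop it. In the same hunk, "conjuction" (-SSLrand row) and "cannonical" (-SSLCheckHost row) are misspelled, and the -SSLPassword description starts with a lowercase "if". On substance, the -SSLVersionList row says that omitting the option enables every listed version, which includes SSLv2 and SSLv3; since both are deprecated protocols, the row should say so and recommend an explicit list limited to the TLS versions. The -SSLPassword row closes with "Clearly using any option apart from prompt: weakens the protection", which would be more useful if it named the exposure for each form: a bare password on the command line, a plain text file, or an environment variable. The -SSLCheckHost row should also state that the hostname being checked comes from a reverse DNS lookup of the peer address, so the check depends on that lookup and the connection fails when it does not resolve.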