The SSL options for C++ are passed as a semicolon-separated string, given as the 4th argument to the openSessionExt method when creating a session and/or specified as listen-options in the SDK server configuration:
| Option Name | Description | Example |
| --- | --- | --- |
| CertificateFile | Specifies the certificate file | /etc/aimmssdk/certificate.cert |
| PrivateKeyFile | Specifies the PEM private key file | /etc/aimmssdk/privatekey.pem |
| PrivatePassword | Specifies the password to use for either the PKCS12 file or the PEM file | secretpassword |
| NoCertify | A Boolean indicating whether the peer certificates should be validated; typically for client connections this should be true, while for server connections it is more common to turn this off (i.e. specifying false) | true |
| LoadCryptoCertStore | A Boolean that on Windows indicates whether the Microsoft Certificate Store can be used for locating certificates; defaults to true | false |
| CAFile | The file where certificates can be found, see https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_load_verify_locations.html . On Linux machines, when this file is not specified, the following locations are used by default (in that order, whichever exists first): /etc/ssl/certs/ca-certificates.crt, /etc/pki/tls/certs/ca-bundle.crt, /etc/ssl/ca-bundle.pem, /etc/pki/tls/cacert.pem | /etc/aimmssdk/ca-certificates.txt |
| CAPath | The path where certificates can be found, see https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_load_verify_locations.html | /etc/aimmssdk/ca-certs |
| PKCS12File | The location of the PKCS12 file that contains the certificate chain to use | /etc/aimmssdk/certificate.pkcs12 |
| CipherList | The list of allowed ciphers to use, see https://www.openssl.org/docs/man1.1.1/man1/ciphers.html | ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS |
| EnableWeakMethods | Boolean indicating whether to allow weak encryption methods; default false | true |
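
A small linter for such an option string, as an added example that is not part of the SDK: it flags settings worth reviewing before the string is passed on. It assumes each entry is written `Name=value` (the page lists the option names but not the pair syntax); `splitOn`, `parseSslOptions` and `auditSslOptions` are hypothetical helper names.

```cpp
#include <iostream>
#include <map>
#include <sstream>
#include <string>
#include <vector>

static std::vector<std::string> splitOn(const std::string& s, char delim) {
    std::vector<std::string> parts;
    std::istringstream in(s);
    for (std::string piece; std::getline(in, piece, delim);)
        if (!piece.empty()) parts.push_back(piece);  // drop empty pieces
    return parts;
}

// Assumption: entries are written Name=value (the page does not show the syntax).
std::map<std::string, std::string> parseSslOptions(const std::string& opts) {
    std::map<std::string, std::string> out;
    for (const std::string& item : splitOn(opts, ';')) {
        std::string::size_type eq = item.find('=');
        if (eq != std::string::npos) out[item.substr(0, eq)] = item.substr(eq + 1);
    }
    return out;
}

// Hypothetical helper: list settings to review before the string is deployed.
std::vector<std::string> auditSslOptions(const std::string& opts) {
    std::vector<std::string> findings;
    std::map<std::string, std::string> o = parseSslOptions(opts);
    if (o["EnableWeakMethods"] == "true")
        findings.push_back("EnableWeakMethods=true permits weak encryption methods");
    if (o.count("PrivatePassword"))
        findings.push_back("PrivatePassword is inline: keep it out of source control and logs");
    // '!' and '-' elements remove ciphers; only the others can enable a legacy one.
    const char* legacy[] = {"3DES", "RC4", "NULL", "EXP", "MD5"};
    for (const std::string& el : splitOn(o["CipherList"], ':')) {
        if (el[0] == '!' || el[0] == '-') continue;
        for (const char* tag : legacy)
            if (el.find(tag) != std::string::npos) {
                findings.push_back("CipherList enables legacy cipher: " + el);
                break;
            }
    }
    return findings;
}

int main() {  // constructed sample built from the table's option names and values
    for (const std::string& f : auditSslOptions("PrivatePassword=secretpassword;"
             "CipherList=ECDH+AESGCM:ECDH+3DES:!aNULL:!MD5;EnableWeakMethods=true"))
        std::cout << f << "\n";
}
```

Run over the example CipherList from the table, it reports the three 3DES elements.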