Record: ListenerSecureSocket
Configures the SSL/TLS options to be used for HTTP service.
Closed record
Fields
- key KeyStore | CertKey
- mutualSsl record {| VerifyClient verifyClient = REQUIRE; crypto:TrustStore|string cert; |} ?
- protocol record {| Protocol name; string[] versions = []; |} ?
- certValidation record {| CertValidationType 'type = OCSP_STAPLING; int cacheSize; int cacheValidityPeriod; |} ?
- ciphers string[ ](default ["TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"])
- handshakeTimeout decimal?
- sessionTimeout decimal?
Configurations associated with crypto:KeyStore
or combination of certificate and (PKCS8) private key of the server
Configures associated with mutual SSL operations
SSL/TLS protocol related options
Certificate validation against OCSP_CRL, OCSP_STAPLING related options
List of ciphers to be used eg: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
SSL handshake time out
SSL session time out