TLS specific account configuration. More...
#include <ITLSConfiguration.h>
Public Member Functions | |
| virtual bool | TLSInitialized () const =0 |
| Gets whether the TLS configuration is initialized/applied. More... | |
| virtual void | TLSInitialized (bool value)=0 |
| Sets whether the TLS configuration is initialized/applied. More... | |
| virtual bool | UseOnlyStrongCyphers () const =0 |
| Gets whether to to limit the use to only of strong cypher. More... | |
| virtual void | UseOnlyStrongCyphers (bool value)=0 |
| Configures whether to to limit the use to only of strong cypher. More... | |
| virtual ZDK::Shared::String | Domain () const =0 |
| Gets the configured local domain name. More... | |
| virtual void | Domain (ZDK::Shared::String value)=0 |
| Configures the local domain name. More... | |
| virtual ZDK::Shared::String | DomainCert () const =0 |
| Gets the configured domain certificate to be load. More... | |
| virtual void | DomainCert (ZDK::Shared::String value)=0 |
| Configures the domain certificate to be load. More... | |
| virtual ZDK::Shared::String | DomainCertPassphrase () const =0 |
| Gets the configured domain certificate passphrase. More... | |
| virtual void | DomainCertPassphrase (ZDK::Shared::String value)=0 |
| Configures the domain certificate passphrase. More... | |
| virtual ZDK::TLSSecureSuiteType | SecureSuite () const =0 |
| Gets the configured TLS secure suite type to be used. More... | |
| virtual void | SecureSuite (ZDK::TLSSecureSuiteType value)=0 |
| Configures the TLS secure suite type to be used. More... | |
 Public Member Functions inherited from ZDK::IZHandle | |
| virtual ZDK::ZDKHandle | Handle () const =0 |
| virtual | operator ZDK::ZDKHandle () const =0 |
| virtual void | Initialize ()=0 |
| virtual void | ReleaseReference ()=0 |
Detailed Description
TLS specific account configuration.
The configuration is applied/initialized with StartContext()! Any changes after StartContext() has been invoked will not take effect until a restart happens - StopContext() followed by StartContext().
TLS transport configuration along with the User Agent Server part (incoming TLS connections need a domain and cert to work properly).
Member Function Documentation
◆ Domain() [1/2]
|
pure virtual |
Gets the configured local domain name.
A default TLS transport is always initialized. Incoming TLS connections will not work with it unless a user certificate is later configured.
If not set (or set to NULL) only the default transport will be initialized.
If set to empty string ("") the ZDK will try to guess the local hostname and will generate a self-signed certificate for a TLS transport that will listen for incoming TLS connections. Has a low chance of succeeding. Falls back to "localhost". Does not matter what is the value of DomainCert(). This will not stop the default TLS transport creation nor will force any users to use it for their outgoing TLS connections.
Using self-signed domain TLS certificate is rarely supported by TLS peers and in most cases will not work. It is recommended not to use it.
If set, it will use this domain, no matter what is the value of the domain name found in the certificate set with DomainCert().
- Returns
- The TLS domain name
- See also
- DomainCert()
◆ Domain() [2/2]
|
pure virtual |
Configures the local domain name.
A default TLS transport is always initialized. Incoming TLS connections will not work with it unless a user certificate is later configured.
If not set (or set to NULL) only the default transport will be initialized.
If set to empty string ("") the ZDK will try to guess the local hostname and will generate a self-signed certificate for a TLS transport that will listen for incoming TLS connections. Has a low chance of succeeding. Falls back to "localhost". Does not matter what is the value of DomainCert(). This will not stop the default TLS transport creation nor will force any users to use it for their outgoing TLS connections.
Using self-signed domain TLS certificate is rarely supported by TLS peers and in most cases will not work. It is recommended not to use it.
If set, it will use this domain, no matter what is the value of the domain name found in the certificate set with DomainCert().
- Parameters
-
[in] value The TLS domain name
- See also
- DomainCert()
◆ DomainCert() [1/2]
|
pure virtual |
Gets the configured domain certificate to be load.
If not set (or set to NULL) AND Domain() is also not set (or set to NULL) only the default TLS transport will be initialized. Incoming TLS connections will not work unless a user certificate is later configured.
If not set (or set to NULL) AND Domain() is set a self-signed certificate will be created to be used for the incoming connections. Not recommended because self-signed domain TLS certificate are rarely supported by TLS peers and in most cases will not work.
If set the ZDK will try loading a Certificate and Key pair from the file with this name. The file can be in PEM format (the order in which the certificate and key are pasted in it does not matter) or in PKCS#12 format (.PFX, the way the pair is exported in Windows). If it is in the PKCS#12 format any additional certificates will be added to the trusted certificate list.
!!! NOTE !!! If Domain() is set (not NULL) the domain name found in the certificate will be ignored!
- Returns
- The TLS domain certificate name
- See also
- Domain()
◆ DomainCert() [2/2]
|
pure virtual |
Configures the domain certificate to be load.
If not set (or set to NULL) AND Domain() is also not set (or set to NULL) only the default TLS transport will be initialized. Incoming TLS connections will not work unless a user certificate is later configured.
If not set (or set to NULL) AND Domain() is set a self-signed certificate will be created to be used for the incoming connections. Not recommended because self-signed domain TLS certificate are rarely supported by TLS peers and in most cases will not work.
If set the ZDK will try loading a Certificate and Key pair from the file with this name. The file can be in PEM format (the order in which the certificate and key are pasted in it does not matter) or in PKCS#12 format (.PFX, the way the pair is exported in Windows). If it is in the PKCS#12 format any additional certificates will be added to the trusted certificate list.
!!! NOTE !!! If Domain() is set (not NULL) the domain name found in the certificate will be ignored!
- Parameters
-
[in] value The TLS domain certificate name
- See also
- Domain()
◆ DomainCertPassphrase() [1/2]
|
pure virtual |
Gets the configured domain certificate passphrase.
Can optionally contain the plaintext passphrase protecting the key set with DomainCert(). Can be left not set (or set to NULL pointer) if the key is not protected.
- Returns
- The TLS domain certificate passphrase
- See also
- DomainCert()
◆ DomainCertPassphrase() [2/2]
|
pure virtual |
Configures the domain certificate passphrase.
Can optionally contain the plaintext passphrase protecting the key set with DomainCert(). Can be left not set (or set to NULL pointer) if the key is not protected.
- Parameters
-
[in] value The TLS domain certificate passphrase
- See also
- DomainCert()
◆ SecureSuite() [1/2]
|
pure virtual |
Gets the configured TLS secure suite type to be used.
By default it is set to SSLv2/v3 (support SSLv2 and better/newer - TLSv1, TLSv1.1, TLSv1.2, etc are also supported!)
Can be also set TLSv1 which will add support ONLY to TLSv1!!! Neither SSLv2/v3, nor TLSv1.1 and upward will be supported!!! Not recomended!
- Returns
- The TLS secure suite type
- See also
- TLSSecureSuiteType
◆ SecureSuite() [2/2]
|
pure virtual |
Configures the TLS secure suite type to be used.
By default it is set to SSLv2/v3 (support SSLv2 and better/newer - TLSv1, TLSv1.1, TLSv1.2, etc are also supported!)
Can be also set TLSv1 which will add support ONLY to TLSv1!!! Neither SSLv2/v3, nor TLSv1.1 and upward will be supported!!! Not recomended!
- Parameters
-
[in] value The TLS secure suite type
- See also
- TLSSecureSuiteType
◆ TLSInitialized() [1/2]
|
pure virtual |
Gets whether the TLS configuration is initialized/applied.
Indicates whether the configuration is applied/initialized with StartContext()! Any changes to the configuration can take place only if it is not initialized. If StartContext() has been invoked any changes will not take effect until a restart happens - StopContext() followed by StartContext().
- Returns
- 0 - not initialized (can be modified)
- 1 - initialized (modifications will take effect after restart)
◆ TLSInitialized() [2/2]
|
pure virtual |
Sets whether the TLS configuration is initialized/applied.
Indicates whether the configuration is applied/initialized with StartContext()! Any changes to the configuration can take place only if it is not initialized. If StartContext() has been invoked any changes will not take effect until a restart happens - StopContext() followed by StartContext().
- Parameters
-
[in] value - 0 - not initialized (can be modified)
- 1 - initialized (modifications will take effect after restart)
◆ UseOnlyStrongCyphers() [1/2]
|
pure virtual |
Gets whether to to limit the use to only of strong cypher.
If enabled, will limit the ciphers to 3DES and AES (RC4 or DES will not be allowed)
- Returns
- 0 - disabled (use all)
- 1 - enabled (use only strong cyphers - 3DES and AES)
◆ UseOnlyStrongCyphers() [2/2]
|
pure virtual |
Configures whether to to limit the use to only of strong cypher.
If enabled, will limit the ciphers to 3DES and AES (RC4 or DES will not be allowed)
- Parameters
-
[in] value - 0 - disabled (use all)
- 1 - enabled (use only strong cyphers - 3DES and AES)
The documentation for this class was generated from the following file:
- Configurations/ITLSConfiguration.h
