zdk.objc
<ZDKTLSConfiguration> Protocol Reference

TLS specific account configuration.

#import <ZDKTLSConfiguration.h>

Inheritance diagram for <ZDKTLSConfiguration>:
<ZDKZHandle>

Instance Methods

(NSString *) - handlesDescription
 
- Instance Methods inherited from <ZDKZHandle>
(long int) - handle
 
(void) - initialize
 
(void) - releaseReference
 
(NSString *) - handlesDescription
 

Properties

BOOL tlsInitialized
 Sets whether the TLS configuration is initialized/applied.
 
BOOL useOnlyStrongCyphers
 Configures whether to limit use to strong ciphers only.
 
NSString *_Nullable domain
 Configures the local domain name.
 
NSString *_Nullable domainCert
 Configures the domain certificate to be loaded.
 
NSString *_Nullable domainCertPassphrase
 Configures the domain certificate passphrase.
 
ZDKTLSSecureSuiteType secureSuite
 Configures the TLS secure suite type to be used.
 

Detailed Description

TLS specific account configuration.

The configuration is applied/initialized with startContext()! Any changes after startContext() has been invoked will not take effect until a restart happens - stopContext() followed by startContext().

TLS transport configuration along with the User Agent Server part (incoming TLS connections need a domain and cert to work properly).

Method Documentation

◆ handlesDescription

- (NSString *) handlesDescription

Reimplemented from <ZDKZHandle>.

Property Documentation

◆ domain

- (NSString* _Nullable) domain
readwrite, nonatomic, assign

Configures the local domain name.

A default TLS transport is always initialized. Incoming TLS connections will not work with it unless a user certificate is later configured.

If not set (or set to NULL) only the default transport will be initialized.

If set to an empty string (""), the ZDK will try to guess the local hostname and will generate a self-signed certificate for a TLS transport that will listen for incoming TLS connections. This has a low chance of succeeding and falls back to "localhost". The value of domainCert() does not matter in this case. This will neither stop the creation of the default TLS transport nor force any users to use it for their outgoing TLS connections.

A self-signed domain TLS certificate is rarely supported by TLS peers and in most cases will not work. It is recommended not to use one.

If set, the ZDK will use this domain, regardless of the domain name found in the certificate set with domainCert().

Parameters
[in] value  The TLS domain name
See also
domainCert()

◆ domainCert

- (NSString* _Nullable) domainCert
readwrite, nonatomic, assign

Configures the domain certificate to be loaded.

If not set (or set to NULL) AND domain() is also not set (or set to NULL) only the default TLS transport will be initialized. Incoming TLS connections will not work unless a user certificate is later configured.

If not set (or set to NULL) AND domain() is set, a self-signed certificate will be created to be used for the incoming connections. Not recommended, because self-signed domain TLS certificates are rarely supported by TLS peers and in most cases will not work.

If set, the ZDK will try loading a certificate and key pair from the file with this name. The file can be in PEM format (the order in which the certificate and key are pasted in it does not matter) or in PKCS#12 format (.PFX, the way the pair is exported in Windows). If it is in the PKCS#12 format, any additional certificates will be added to the trusted certificate list.

!!! NOTE !!! If domain() is set (not NULL) the domain name found in the certificate will be ignored!

Parameters
[in] value  The TLS domain certificate name
See also
domain()

◆ domainCertPassphrase

- (NSString* _Nullable) domainCertPassphrase
readwrite, nonatomic, assign

Configures the domain certificate passphrase.

Can optionally contain the plaintext passphrase protecting the key set with domainCert(). Can be left not set (or set to NULL pointer) if the key is not protected.

Parameters
[in] value  The TLS domain certificate passphrase
See also
domainCert()

◆ secureSuite

- (ZDKTLSSecureSuiteType) secureSuite
readwrite, nonatomic, assign

Configures the TLS secure suite type to be used.

By default it is set to TLSv1.2 (supports TLSv1.2 and better/newer; TLSv1.3 etc. are also supported).

Parameters
[in] value  The TLS secure suite type
See also
TLSSecureSuiteType

◆ tlsInitialized

- (BOOL) tlsInitialized
readwrite, nonatomic, assign

Sets whether the TLS configuration is initialized/applied.

Indicates whether the configuration is applied/initialized with startContext()! Any changes to the configuration can take place only if it is not initialized. If startContext() has been invoked any changes will not take effect until a restart happens - stopContext() followed by startContext().

Parameters
[in] value
  • 0 - not initialized (can be modified)
  • 1 - initialized (modifications will take effect after restart)

◆ useOnlyStrongCyphers

- (BOOL) useOnlyStrongCyphers
readwrite, nonatomic, assign

Configures whether to limit use to strong ciphers only.

If enabled, will limit the ciphers to 3DES and AES (RC4 or DES will not be allowed).

Parameters
[in] value
  • 0 - disabled (use all)
  • 1 - enabled (use only strong cyphers - 3DES and AES)
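
The domain/domainCert combinations and the cipher and lifecycle flags documented above, collected into a pre-flight check. This is an added example, not ZDK code: AuditTLSConfiguration is a hypothetical helper, it assumes the caller already holds an object conforming to <ZDKTLSConfiguration>, and it reads only the properties listed on this page.

```objc
#import <Foundation/Foundation.h>
#import <ZDKTLSConfiguration.h>

// Hypothetical helper, not part of the ZDK. Returns findings derived only
// from the behaviour this page documents for each property.
static NSArray<NSString *> *AuditTLSConfiguration(id<ZDKTLSConfiguration> tls) {
    NSMutableArray<NSString *> *findings = [NSMutableArray array];
    NSString *domain = tls.domain;
    NSString *cert = tls.domainCert;

    // Lifecycle: edits after startContext() are not picked up until a restart.
    if (tls.tlsInitialized) {
        [findings addObject:@"Already initialized: edits apply only after "
                            @"stopContext() followed by startContext()."];
    }
    // Cipher policy: disabled means "use all", which includes RC4 and DES.
    if (!tls.useOnlyStrongCyphers) {
        [findings addObject:@"useOnlyStrongCyphers is off: all ciphers are in "
                            @"use, RC4 and DES included."];
    }

    // domain / domainCert combinations, in the order the page describes them.
    if (domain == nil && cert == nil) {
        [findings addObject:@"Default TLS transport only: incoming TLS will not "
                            @"work until a user certificate is configured."];
    } else if (domain != nil && domain.length == 0) {
        [findings addObject:@"domain is \"\": hostname is guessed (fallback "
                            @"\"localhost\"), a self-signed certificate is "
                            @"generated and the domainCert value does not matter."];
    } else if (domain != nil && cert == nil) {
        [findings addObject:@"domain set without domainCert: a self-signed "
                            @"certificate is created, rarely supported by peers."];
    } else if (domain != nil) {
        [findings addObject:@"domain and domainCert both set: the domain name "
                            @"inside the certificate is ignored."];
    }

    // The passphrase property carries the key passphrase in plaintext.
    if (cert != nil && tls.domainCertPassphrase.length > 0) {
        [findings addObject:@"domainCertPassphrase holds the key passphrase in "
                            @"plaintext: keep it out of source control and logs."];
    }
    return [findings copy];
}
```

Run it before startContext() and log or assert on the returned array; an empty array means domainCert is set, domain is left unset, strong ciphers are enforced and no passphrase is stored.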

The documentation for this protocol was generated from the following file: