mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-12-15 06:01:37 +08:00
Code Issues Packages Projects Releases Wiki Activity
d1460afdfc
openssl/demos/bio/accept.cnf

24 lines
486 B
Plaintext
Raw Normal View History

Add demo for SSL server using SSL_CONF.
2013-10-18 23:28:38 +08:00
# Example configuration file
Add config_diagnostics to our configuration files. The change to a more configuration based approach to enable FIPS mode operation highlights a shortcoming in the default should do something approach we've taken for bad configuration files. Currently, a bad configuration file will be automatically loaded and once the badness is detected, it will silently stop processing the configuration and continue normal operations. This is good for remote servers, allowing changes to be made without bricking things. It's bad when a user thinks they've configured what they want but got something wrong and it still appears to work. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/16171)
2021-07-29 07:55:09 +08:00
# Comment out the next line to ignore configuration errors
config_diagnostics = 1
Modify sample accept.cnf
2013-10-21 05:21:09 +08:00
# Port to listen on
Port = 4433
Add config_diagnostics to our configuration files. The change to a more configuration based approach to enable FIPS mode operation highlights a shortcoming in the default should do something approach we've taken for bad configuration files. Currently, a bad configuration file will be automatically loaded and once the badness is detected, it will silently stop processing the configuration and continue normal operations. This is good for remote servers, allowing changes to be made without bricking things. It's bad when a user thinks they've configured what they want but got something wrong and it still appears to work. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/16171)
2021-07-29 07:55:09 +08:00
Add demo for SSL server using SSL_CONF.
2013-10-18 23:28:38 +08:00
# Disable TLS v1.2 for test.
# Protocol = ALL, -TLSv1.2
# Only support 3 curves
Curves = P-521:P-384:P-256
Add config_diagnostics to our configuration files. The change to a more configuration based approach to enable FIPS mode operation highlights a shortcoming in the default should do something approach we've taken for bad configuration files. Currently, a bad configuration file will be automatically loaded and once the badness is detected, it will silently stop processing the configuration and continue normal operations. This is good for remote servers, allowing changes to be made without bricking things. It's bad when a user thinks they've configured what they want but got something wrong and it still appears to work. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/16171)
2021-07-29 07:55:09 +08:00
Add demo for SSL server using SSL_CONF.
2013-10-18 23:28:38 +08:00
# Restricted signature algorithms
Remove unnecessary trailing whitespace Trim trailing whitespace. It doesn't match OpenSSL coding standards, AFAICT, and it can cause problems with git tooling. Trailing whitespace remains in test data and external source. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8092)
2019-02-01 01:55:30 +08:00
SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512
Add demo for SSL server using SSL_CONF.
2013-10-18 23:28:38 +08:00
Certificate=server.pem
PrivateKey=server.pem
Update demo. Use new SSL_CONF options in demo. Add intermediate and root CAs and update all to use SHA256. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-07-14 21:19:38 +08:00
ChainCAFile=root.pem
VerifyCAFile=root.pem
# Request certificate
VerifyMode=Request
ClientCAFile=root.pem
Reference in New Issue Copy Permalink