Startup Line Parameters; Parameter Reference; Parameter Overview - HP NonStop SSL Reference Manual

Startup Line Parameters

HP NonStop SSL configuration parameters can be passed on the startup line as follows (for a complete description of the
RUN SSLOBJ see section
<parameter name> <parameter value>; <parameter name> <parameter value>; ...
The following example demonstrates how to start a multiple HP NonStop SSL proxies sharing the same SSLCONF
configuration file:
> PARAM CONFIG SSLCONF
> RUN SSLOBJ /NAME $STN0, CPU 0, NOWAIT/ TELNETS; SUBNET $ZTC0; PORT 8023
> RUN SSLOBJ /NAME $STN1, CPU 1, NOWAIT/ TELNETS; SUBNET $ZTC1; PORT 8023
> RUN SSLOBJ /NAME $STN2, CPU 2, NOWAIT/ TELNETS; SUBNET $ZTC2; PORT 8023
> RUN SSLOBJ /NAME $STN3, CPU 3, NOWAIT/ TELNETS; SUBNET $ZTC3; PORT 8023

Parameter Reference

This section describes all available HP NonStop SSL parameters in alphabetical order. Note, that parameter names are
case insensitive independently of the source.

Parameter Overview

The following table lists all available HP NonStop SSL parameters and their meanings:
Parameter
ALLOWCERTERRORS
ALLOWIP
AUDITASCIIONLY
AUDITASCIIDUMPLENIN
AUDITASCIIDUMPLENOUT
AUDITCONSOLE
AUDITLEVEL
AUDITFILE
AUDITFILERETENTION
AUDITFORMAT
AUDITMAXFILELENGTH
CACERTS
CIPHERSUITES
CLIENTAUTH
CLIENTCERT
CLIENTKEY
CLIENTKEYPASS
CONFIG
CONFIG2
CONNECTIONINFOFORMAT
CONNECTIONINFOFORMATDETAILED
CONTENTFILTER
HP NonStop SSL Reference Manual
"Starting an HP NonStop SSL
Meaning
Allows selective overriding of certificate validation errors.
Limits allowed remote IP addresses.
Control the creation of an audit file containing the remote FTP commands in run
mode FTPS or the socket activities in run modes PROXYS, PROXYC,
ODBCMXS.
File names of a DER encoded X.509 CA certificates representing a certificate
chain signing the certificate configured with the CLIENTCERT or SERVCERT
parameter.
List of cipher suites that will be accepted by a secure HP NonStop SSL process.
If omitted, default openssl cipher suites will be used.
Enforced client authentication when running as SSL server: a certificate signing
the certificates the client is using for SSL client authentication
File name of a DER encoded X.509 client certificate.
The private key to be used for the client certificate.
Password for reading the (encrypted) private key file.
File name of a HP NonStop SSL configuration file.
Allows the usage of a second configuration file with different security settings.
Specifies the default format for the output of the SSLCOM command
"connections".
Specifies the default format for the output of the SSLCOM command
"connections, detail".
Activates content-filtering in run modes TELNETS, PROXYS and PROXYC.
Process"):
Configuration • 33