To prevent plain text passwords appearing in the configuration file, this can be specified by
doing a base64 encoding on the password and setting the
attribute to
.
encrypt
"true"
Example
<SSLPassPhrase encrypt="true">dGluY2Fu</SSLPassPhrase>
The encrypted password is equivalent to the plaintext format:
<SSLPassPhrase>tincan</SSLPassPhrase>
or
<SSLPassPhrase encrypt="false" >tincan</SSLPassPhrase>
Even though the tag attribute is named
, it is not a true encryption. It is a base64
"encrypt"
encoding that makes the password less readable.
See also
SSLCACertificateKeyFile
SSLServerCtx
Container tag.
Description
The tags in this section control the SSL configuration for this adaptor.
Contained tags
,
,
,
,
SSLCACertificateFile
SSLCACertificateKeyFile
SSLCipherSuite
SSLPassPhrase
SSLSessionTimeout
SSLSessionTimeout
This tag specifies in minutes how long an SSL-based session remains valid. The default time
period is 5 minutes.
Description
SSL sessions are used to improve performance by avoiding the need to perform the full SSL
handshake for every connection. When a client connects to a server for the first time, it must
perform the full handshake. After that first handshake, the server sends back a session object
to the client which the client can place in the cache and reuse at a later time.
If the client connects to the same server again at a later time, it can send back the cached
session object. The server will not require the full SSL handshake, if the session is still valid.
XML configuration files
161