Repository: qpid-dispatch Updated Branches: refs/heads/master 00d1ea220 -> 95c9463e2
DISPATCH-877 - Document new ciphers attribute. This closes #219 Project: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/repo Commit: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/commit/95c9463e Tree: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/tree/95c9463e Diff: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/diff/95c9463e Branch: refs/heads/master Commit: 95c9463e247a26d1b7374992d7826214c2805b5f Parents: 00d1ea2 Author: Ben Hardesty <bhard...@redhat.com> Authored: Wed Nov 15 17:00:55 2017 -0500 Committer: Ganesh Murthy <gmur...@redhat.com> Committed: Tue Nov 28 11:33:26 2017 -0500 ---------------------------------------------------------------------- doc/new-book/configuration-security.adoc | 12 ++++++++++++ 1 file changed, 12 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/95c9463e/doc/new-book/configuration-security.adoc ---------------------------------------------------------------------- diff --git a/doc/new-book/configuration-security.adoc b/doc/new-book/configuration-security.adoc index c59a35f..4df8d4a 100644 --- a/doc/new-book/configuration-security.adoc +++ b/doc/new-book/configuration-security.adoc @@ -49,6 +49,7 @@ You must have the following files in PEM format: ---- sslProfile { name: _NAME_ + ciphers: _CIPHERS_ certDb: _PATH_.pem certFile: _PATH_.pem keyFile: _PATH_.pem @@ -66,6 +67,17 @@ For example: name: router-ssl-profile ---- +`ciphers`:: The SSL cipher suites that can be used by this SSL/TLS profile. If certain ciphers are unsuitable for your environment, you can use this attribute to restrict them from being used. ++ +To enable a cipher list, enter one or more cipher strings separated by colons (`:`). For example: ++ +[options="nowrap"] +---- +ciphers: ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP +---- ++ +To see the full list of available ciphers, use the `openssl ciphers` command. For more information about each cipher, see the link:https://www.openssl.org/docs/manmaster/man1/ciphers.html[ciphers man page^]. + `certDb`:: The absolute path to the database that contains the public certificates of trusted certificate authorities (CA). + For example: --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@qpid.apache.org For additional commands, e-mail: commits-h...@qpid.apache.org