Strona główna Odkrywaj Pomoc
Zaloguj się
kennyh
/
emqx4.3
1
0
Forkuj 0
Pliki Problemy 0 Oczekujące zmiany 0 Wiki
Drzewo: 3f0d9db674
Gałęzie Tagi
emqx4.3
/
examples
/
listeners.ssl.conf.example

listeners.ssl.conf.example 2.5 KB
Historia Czysty

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465 
  1. ##--------------------------------------------------------------------
    2. 

  2. ## SSL Listener
    3. 

  3. ##
    4. 

  4. ## Add a SSL Listener
    5. 

  5. ##--------------------------------------------------------------------
    6. 

  6. ## Note: This is an example of how to configure this feature
    7. 

  7. ##       you should copy and paste the below data into the emqx.conf for working
    8. 

  8. 

  9. ## The SSL listener also supports all the fields listed in listeners.tcp.conf.example
    10. 

  10. ## only the SSL-specific fields are shown here
    11. 

  11. 

  12. ## Note: Modifying the 'sslname' to what you need
    13. 

  13. listeners.ssl.sslname {
    14. 

  14.     ## Port or Address to listen on, 0 means disable
    15. 

  15.     bind = 8883 ## or with an IP e.g. "127.0.0.1:8883"
    16. 

  16. 

  17.     ssl_options {
    18. 

  18.         ## Trusted PEM format CA certificates bundle file
    19. 

  19.         cacertfile = "data/certs/cacert.pem"
    20. 

  20. 

  21.         ## PEM format certificates chain file
    22. 

  22.         certfile = "data/certs/cert.pem"
    23. 

  23. 

  24.         ## PEM format private key file
    25. 

  25.         keyfile = "data/certs/key.pem"
    26. 

  26. 

  27.         ## Enable or disable peer verification
    28. 

  28.         verify = verify_none  ## use verify_peer to enable
    29. 

  29. 

  30.         ## if `verify' is ebabled, whit true, the connection fails if the client does not have a certificate to send
    31. 

  31.         fail_if_no_peer_cert = false
    32. 

  32. 

  33.         ## Enable TLS session reuse
    34. 

  34.         reuse_sessions = true
    35. 

  35. 

  36.         ## Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path
    37. 

  37.         depth = 10
    38. 

  38. 

  39.         ## Which versions are to be supported
    40. 

  40.         versions = [tlsv1.3, tlsv1.2]
    41. 

  41. 

  42.         ## TLS cipher suite names
    43. 

  43.         ## Note: By default, all available suites are supported, you do not need to set this
    44. 

  44.         ciphers = ["TLS_AES_256_GCM_SHA384","TLS_AES_128_GCM_SHA256"]
    45. 

  45. 

  46.         ## Allows a client and a server to renegotiate the parameters of the SSL connection on the fly
    47. 

  47.         secure_renegotiate = true
    48. 

  48. 

  49.         ## Log level for SSL communication
    50. 

  50.         ## Type: emergency | alert | critical | error | warning | notice | info | debug | none | all
    51. 

  51.         log_level = notice
    52. 

  52. 

  53.         ## Hibernate the SSL process after idling for amount of time reducing its memory footprint
    54. 

  54.         hibernate_after = 5s
    55. 

  55. 

  56.         ## Forces the cipher to be set based on the server-specified order instead of the client-specified order
    57. 

  57.         honor_cipher_order = true
    58. 

  58. 

  59.         ##  Setting this to false to disable client-initiated renegotiation
    60. 

  60.         client_renegotiation = true
    61. 

  61. 

  62.         ## Maximum time duration allowed for the handshake to complete
    63. 

  63.         handshake_timeout = 15s
    64. 

  64.     }
    65. 

  65. }
    66.