صفحهٔ اصلی گشت‌و‌گذار راهنما
ورود
kennyh
/
emqx4.3
1
0
انشعاب 0
پرونده‌ها مشکلات 0 درخواست واکشی 0 ویکی
درخت: 8b3c751a07
شاخه‌ها تگ‌ها
emqx4.3
/
examples
/
listeners.ssl.conf.example

listeners.ssl.conf.example 2.3 KB
تاريخچه خام

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566 
  1. ##--------------------------------------------------------------------
    2. 

  2. ## SSL Listener
    3. 

  3. ##
    4. 

  4. ## Add a SSL Listener
    5. 

  5. ##--------------------------------------------------------------------
    6. 

  6. ## Note: This is an example of how to configure this feature
    7. 

  7. ##       you should copy and paste the below data into the emqx.conf for working
    8. 

  8. 

  9. ## The SSL listener also supports all the fields listed in listeners.tcp.conf.example
    10. 

  10. ## only the SSL-specific fields are shown here
    11. 

  11. 

  12. ## Note: Modifying the 'sslname' to what you need
    13. 

  13. listeners.ssl.sslname {
    14. 

  14.     ## Whether to enable the listener
    15. 

  15.     enable = true
    16. 

  16. 

  17.     ## Port or Address to listen on
    18. 

  18.     bind = 8883 ## or with an IP e.g. "127.0.0.1:8883"
    19. 

  19. 

  20.     ## Trusted PEM format CA certificates bundle file
    21. 

  21.     cacertfile = "data/certs/cacert.pem"
    22. 

  22. 

  23.     ## PEM format certificates chain file
    24. 

  24.     certfile = "data/certs/cert.pem"
    25. 

  25. 

  26.     ## PEM format private key file
    27. 

  27.     keyfile = "data/certs/key.pem"
    28. 

  28. 

  29.     ## Enable or disable peer verification
    30. 

  30.     verify = verify_none  ## use verify_peer to enable
    31. 

  31. 

  32.     ## if `verify' is ebabled, whit true, the connection fails if the client does not have a certificate to send
    33. 

  33.     fail_if_no_peer_cert = false
    34. 

  34. 

  35.     ## Enable TLS session reuse
    36. 

  36.     reuse_sessions = true
    37. 

  37. 

  38.     ## Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path
    39. 

  39.     depth = 10
    40. 

  40. 

  41.     ## Which versions are to be supported
    42. 

  42.     versions = [tlsv1.3, tlsv1.2]
    43. 

  43. 

  44.     ## TLS cipher suite names
    45. 

  45.     ## Note: By default, all available suites are supported, you do not need to set this
    46. 

  46.     ciphers = ["TLS_AES_256_GCM_SHA384","TLS_AES_128_GCM_SHA256"]
    47. 

  47. 

  48.     ## Allows a client and a server to renegotiate the parameters of the SSL connection on the fly
    49. 

  49.     secure_renegotiate = true
    50. 

  50. 

  51.     ## Log level for SSL communication
    52. 

  52.     ## Type: emergency | alert | critical | error | warning | notice | info | debug | none | all
    53. 

  53.     log_level = notice
    54. 

  54. 

  55.     ## Hibernate the SSL process after idling for amount of time reducing its memory footprint
    56. 

  56.     hibernate_after = 5s
    57. 

  57. 

  58.     ## Forces the cipher to be set based on the server-specified order instead of the client-specified order
    59. 

  59.     honor_cipher_order = true
    60. 

  60. 

  61.     ##  Setting this to false to disable client-initiated renegotiation
    62. 

  62.     client_renegotiation = true
    63. 

  63. 

  64.     ## Maximum time duration allowed for the handshake to complete
    65. 

  65.     handshake_timeout = 15s
    66. 

  66. }
    67.