Openssl
From CauchoWiki
<openssl> configures SSL for a <http> or <srun> port using the OpenSSL library. (Requires Resin Professional)
[edit] directives
| directive | description | default |
|---|---|---|
| ca-certificate-file | CA file for SSL client authentication | |
| ca-certificate-path | CA directory for SSL client authentication | |
| certificate-file | The server's certificate | required |
| certificate-chain-file | File containing the certificate chain for SSL client authentication | |
| certificate-key-file | The server's private key file | required |
| cipher-suite | Specifies cryptographic algorithms allowed | |
| password | Specifies the private key password | required |
| protocol | SSL3 or TLS | TLS |
| session-cache | If true, enables the OpenSSL session cache | true |
| session-cache-timeout | How long sessions should be kept in the session cache | |
| unclean-shutdown | If true, closing SSL sockets will be forced instead of a clean shutdown | false |
| <verify-client> | Sets the SSL client authentication options | |
| verify-depth | How deep a verification chain to allow |
[edit] cipher-suite
The <cipher-suite> tag restricts the ciphers allowed for SSL connections following the OpenSSL cipher suite syntax
<http port='443'>
<openssl>
<certificate-file>...</certificate-file>
<certificate-key-file>...</certificate-key-file>
<password>...</password>
<cipher-suite>ALL:!aNULL:!ADH</cipher-suite>
</openssl>
</http>
[edit] Windows Specific Information
The most recent releases of Resin 3.0.x on Windows (.19+ for sure) are compiled against the more recent branch of OpenSSL, 0.9.8. Older releases, through .14 at least, are compiled against the specific version, 0.9.7c from gnuwin32, that's mentioned in the docs.
To set up OpenSSL in the latest releases, get the current 0.9.8 binary distribution from here. Unfortunately, you can't just extract the DLL's, so you'll have to install it. The DLL's will go into your Windows system32 directory. There should be three DLL's:
- ssleay32.dll
- libeay32.dll
- libssl32.dll
You can grab those once they're extracted by the installer and put them in your resin directory, or anywhere on the path (including leaving them where the installer put them). After that, your newer release of Resin should be able to start with OpenSSL.
