################################################################################ # SSL Options # # Please refer to the python ssl module for details # Key file to use: #ssl-key = /path/to/keyfile ssl-key = # Certifcate file to use: #ssl-cert = /path/to/cert ssl-cert = # Specifies which version of the SSL protocol to use: #ssl-protocol = SSLv23 #ssl-protocol = TLSv1_2 # The ca_certs file contains a set of concatenated 'certification authority' certificates: #ssl-ca-certs = default #ssl-ca-certs = /path/to/cacertfile #ssl-ca-certs = /path/to/cacertsdir/ # Whether to try to verify the client's certificates # and how to behave if verification fails: #ssl-client-verify-mode = none #ssl-client-verify-mode = optional #ssl-client-verify-mode = required ssl-client-verify-mode = optional # Whether to try to verify the server's certificates # and how to behave if verification fails: #ssl-server-verify-mode = none #ssl-server-verify-mode = optional #ssl-server-verify-mode = required ssl-server-verify-mode = required # Whether to match the peer cert's hostname: ssl-check-hostname = on # Server hostname to check for: #ssl-server-hostname = localhost # The following options require Python 2.7.9 or later: # The flags for certificate verification operations: #ssl-verify-flags = DEFAULT #ssl-verify-flags = CRL_CHECK_LEAF #ssl-verify-flags = CHECK_CHAIN ssl-verify-flags = X509_STRICT # Sets the available ciphers for this SSL object: #ssl-ciphers = ALL #ssl-ciphers = HIGH ssl-ciphers = DEFAULT # Set of SSL options enabled on this context: #ssl-options = ALL #ssl-options = OP_NO_TLSv1,NO_COMPRESSION ssl-options = ALL,NO_COMPRESSION