5.5.1. SSL parameter constants

| Name | Value |
|---|---|
| SSL_VERIFY_NONE | Automatic certificate verification is disabled. |
| SSL_VERIFY_OPTIONAL_UNTRUSTED | Certificate is optional; if present, both trusted and untrusted certificates are accepted. |
| SSL_VERIFY_OPTIONAL_TRUSTED | Certificate is optional, but if a certificate is present, only certificates signed by a trusted CA are accepted. |
| SSL_VERIFY_REQUIRED_UNTRUSTED | A valid certificate is required; both trusted and untrusted certificates are accepted. |
| SSL_VERIFY_REQUIRED_TRUSTED | Certificate is required; only valid certificates signed by a trusted CA are accepted. |

Table 5.29.  Certificate verification settings

| Name | Value |
|---|---|
| SSL_CIPHERS_HIGH | n/a |
| SSL_CIPHERS_MEDIUM | n/a |
| SSL_CIPHERS_LOW | n/a |
| SSL_CIPHERS_ALL | n/a |
| SSL_CIPHERS_CUSTOM | n/a |

Table 5.30.  Constants for cipher selection

| Name | Value |
|---|---|
| SSL_HSO_CLIENT_SERVER | Perform the SSL-handshake with the client first. |
| SSL_HSO_SERVER_CLIENT | Perform the SSL-handshake with the server first. |

Table 5.31.  Handshake order.

| Name | Value |
|---|---|
| SSL_NONE | Disable encryption between Zorp and the peer. |
| SSL_FORCE_SSL | Require encrypted communication between Zorp and the peer. |
| SSL_ACCEPT_STARTTLS | Permit STARTTLS sessions. Currently supported only in the Ftp and Smtp proxies. |

Table 5.32.  Client connection security type.

| Name | Value |
|---|---|
| SSL_NONE | Disable encryption between Zorp and the peer. |
| SSL_FORCE_SSL | Require encrypted communication between Zorp and the peer. |
| SSL_FORWARD_STARTTLS | Forward STARTTLS requests to the server. Currently supported only in the Ftp and Smtp proxies. |

Table 5.33.  Server connection security type.

| Name | Value |
|---|---|
| SSL_ERROR | n/a |
| SSL_DEBUG | n/a |

Table 5.34.  Verbosity level of the log messages

| Name | Value |
|---|---|
| SSL_HS_ACCEPT | 0 |
| SSL_HS_REJECT | 1 |
| SSL_HS_POLICY | 6 |
| SSL_HS_VERIFIED | 10 |

Table 5.35.  Handshake policy decisions