The current list of property names and values is shown below. Note that the property names are case sensitive, but the values are not. For boolean values, anything starting with "T" or "1" is considered TRUE; everything else is considered false. Note the default values for the case where the property is not specified.
Name = Value | Default | Description |
---|---|---|
Cert=<fspec> | none | Specify cert file spec |
AllowHeaderFolding | True | Disables MIME header folding |
BasicAuth | False | Allows HTTP basic authentication; see Comments. |
RequiresSslCertVerify | False | If true, verify server's SSL cert; if expired or invalid, abort connection. |
SslAllowedCiphers | <all> | Specify comma-delimited list of allowed SSL/TLS ciphers; see Comments. |
AutoAddHostHeader | False | If true, the "Host" header will be added to the request header for XHTTPF_REQGET |
MimicFireFox | False | If true, headers are added to XHTTPF_REQGET calls to mimic those used by FireFox |
MimicIE | False | If true, headers are added to XHTTPF_REQGET calls to mimic those used by Internet Explorer |
ReadTimeout | 75 | Time in seconds to wait while reading the response from the server before timing out. |
ConnectTimeout | 30 | Time in seconds to wait for the connection to be established before timing out |
Comments
If more than one Name=Value pair is specified, separate them with semi-colons, without any excess leading or trailing spaces. For example:
properties = "AllowHeaderFolding=False;MimicFireFox=True;ConnectTimeout=60"
BasicAuth: Basic Authentication is one of many types of HTTP authentication, but it is often considered a security risk because the name and password are transmitted in plain text. For an SSL/TLS connection, this may be ok, but in any case, the default is set to False just to err on the safe side.
SslAllowedCiphers: To limit SSL/TLS connections to a more specific set of possible ciphers, specify one or more of the following (comma-delimited). You may also use the special value "best-practices" to request "current best practices". Currently this means the following, but may evolve over time:
• Any RSA keys must be 1024 bits or more
• All renegotiations must be secure
• All ciphers using RC4, DES or 3DES are disallowed
Available ciphers
Note that in the following table, all items on a line have the same "root" and only the "suffix" varies.
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA |
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 |
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 |
TLS_DHE_RSA_WITH_AES_256_CBC_SHA |
TLS_RSA_WITH_AES_256_CBC_SHA256 |
TLS_RSA_WITH_AES_256_GCM_SHA384 |
TLS_RSA_WITH_AES_256_CBC_SHA |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA |
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 |
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 |
TLS_DHE_RSA_WITH_AES_128_CBC_SHA |
TLS_RSA_WITH_AES_128_CBC_SHA256 |
TLS_RSA_WITH_AES_128_GCM_SHA256 |
TLS_RSA_WITH_AES_128_CBC_SHA |
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA |
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA |
TLS_RSA_WITH_3DES_EDE_CBC_SHA |
TLS_ECDHE_RSA_WITH_RC4_128_SHA |
TLS_RSA_WITH_RC4_128_SHA |
TLS_RSA_WITH_RC4_128_MD5 |
TLS_DHE_RSA_WITH_DES_CBC_SHA |
TLS_RSA_WITH_DES_CBC_SHA |
|
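The following Python sketch is an added example, not A-Shell code: it parses a properties string using the rules in the table and Comments above (case-sensitive names, the "T"/"1" boolean rule, the listed defaults) and reports the settings that weaken the connection. The function names and finding texts are hypothetical, and the sample string is constructed.

```python
# Added example: lint a properties string against the table and Comments above.
# Defaults and rules are taken from this page; names and messages are hypothetical.
DEFAULTS = {
    "Cert": "none", "AllowHeaderFolding": "True", "BasicAuth": "False",
    "RequiresSslCertVerify": "False", "SslAllowedCiphers": "<all>",
    "AutoAddHostHeader": "False", "MimicFireFox": "False", "MimicIE": "False",
    "ReadTimeout": "75", "ConnectTimeout": "30",
}
WEAK = ("RC4", "DES")  # "DES" also matches the 3DES suite names

def is_true(value):
    """Boolean rule from the page: anything starting with T or 1 is TRUE."""
    return value[:1].upper() in ("T", "1")

def parse_properties(spec):
    """Return (effective settings, findings raised while parsing)."""
    settings, findings = dict(DEFAULTS), []
    for pair in filter(None, spec.split(";")):
        name, sep, value = pair.partition("=")
        if pair != pair.strip() or name != name.strip() or value != value.strip():
            findings.append(f"excess spaces in {pair!r}")
        name, value = name.strip(), value.strip()
        if not sep or name not in DEFAULTS:  # property names are case sensitive
            findings.append(f"not a documented property name: {name!r}")
            continue
        settings[name] = value
    return settings, findings

def audit(spec):
    """List the security-relevant weaknesses in the effective settings."""
    settings, findings = parse_properties(spec)
    if not is_true(settings["RequiresSslCertVerify"]):
        findings.append("server certificate is not verified")
    if is_true(settings["BasicAuth"]):
        findings.append("BasicAuth enabled: name and password sent in plain text")
    ciphers = settings["SslAllowedCiphers"]
    if ciphers.lower() == "<all>":
        findings.append("all ciphers allowed, including RC4, DES and 3DES")
    elif ciphers.lower() != "best-practices":
        for suite in ciphers.split(","):
            if any(w in suite.upper() for w in WEAK):
                findings.append(f"weak cipher allowed: {suite.strip()}")
    return findings

if __name__ == "__main__":
    # Constructed sample input, not taken from the page.
    for line in audit("basicauth=True;SslAllowedCiphers=TLS_RSA_WITH_RC4_128_SHA"):
        print(line)
```

Because the defaults leave certificate verification off and every cipher enabled, a string that never mentions RequiresSslCertVerify or SslAllowedCiphers still produces findings.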
History
2016 November, October, A-Shell 1535: Replaced old parameter certfile with new parameter properties and much expanded its usage.