In HTTP.SBX, rename the certfile parameter to properties and revise its meaning/interpretation to:
Properties (string) [in]
An optional list of name=value clauses delimited by semicolons, e.g.: name1=value;name2=value2,value3;...;nameN=valueM
To maintain backwards compatibility, if there is no "=" character in the string, it is interpreted as the certfile spec (as before), although this syntax is now deprecated and replaced by the Cert=fspec clause.
The current list of property names and values is shown below. Note that the property names are case sensitive, but the values are not. For boolean values, anything starting with "T" or "1" is considered TRUE; everything else is considered FALSE. The Default column gives the value used when the property is not specified.
| Name = Value | Default | Description |
|---|---|---|
| Cert=<fspec> | none | Specify cert file spec |
| AllowHeaderFolding | True | Disables MIME header folding |
| BasicAuth | False | Allows HTTP basic authentication; see Comments. |
| RequiresSslCertVerify | False | If true, verify server's SSL cert; if expired or invalid, abort connection. |
| SslAllowedCiphers | <all> | Specify comma-delimited list of allowed SSL/TLS ciphers; see Comments. |
| AutoAddHostHeader | False | If true, the "Host" header will be added to the request header for XHTTPF_REQGET |
| MimicFireFox | False | If true, headers are added to XHTTPF_REQGET calls to mimic those used by FireFox |
| MimicIE | False | If true, headers are added to XHTTPF_REQGET calls to mimic those used by Internet Explorer |
| ReadTimeout | 75 | Time in seconds to wait while reading the response from the server before timing out. |
| ConnectTimeout | 30 | Time in seconds to wait for the connection to be established before timing out. |
Table Comments
BasicAuth: Basic Authentication is one of many types of HTTP authentication, but it is often considered a security risk because the name and password are transmitted in plain text. For an SSL/TLS connection this may be acceptable, but in any case the default is set to False to err on the safe side.
SslAllowedCiphers: To limit SSL/TLS connections to a more specific set of possible ciphers, specify one or more of the following (comma-delimited). You may also use the special value "best-practices" to request "current best practices". Currently this means the following, but it may evolve over time:
• Any RSA keys must be 1024 bits or more
• All renegotiations must be secure
• All ciphers using RC4, DES or 3DES are disallowed
Available ciphers
• TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
• TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
• TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
• TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
• TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
• TLS_DHE_RSA_WITH_AES_256_CBC_SHA
• TLS_RSA_WITH_AES_256_CBC_SHA256
• TLS_RSA_WITH_AES_256_GCM_SHA384
• TLS_RSA_WITH_AES_256_CBC_SHA
• TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
• TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
• TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
• TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
• TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
• TLS_DHE_RSA_WITH_AES_128_CBC_SHA
• TLS_RSA_WITH_AES_128_CBC_SHA256
• TLS_RSA_WITH_AES_128_GCM_SHA256
• TLS_RSA_WITH_AES_128_CBC_SHA
• TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
• TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
• TLS_RSA_WITH_3DES_EDE_CBC_SHA
• TLS_ECDHE_RSA_WITH_RC4_128_SHA
• TLS_RSA_WITH_RC4_128_SHA
• TLS_RSA_WITH_RC4_128_MD5
• TLS_DHE_RSA_WITH_DES_CBC_SHA
• TLS_RSA_WITH_DES_CBC_SHA
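The following is an added reference implementation, written for this spec and not taken from HTTP.SBX itself, of the properties-string rules above: the legacy no-"=" form, case-sensitive names with case-insensitive values, the "T"/"1" boolean rule, the table defaults, and expansion of the "best-practices" cipher keyword against the cipher list. The function and variable names are the example's own. Only the third best-practices rule (no RC4, DES or 3DES) can be applied to cipher names; the RSA key-size and secure-renegotiation rules are handshake-time checks that a string parser cannot enforce.

```python
# Reference parser for the HTTP.SBX "properties" string (added example, not the product's code).
# Property names are case sensitive; values are not.

AVAILABLE_CIPHERS = [
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA256", "TLS_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
    "TLS_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_RC4_128_MD5",
    "TLS_DHE_RSA_WITH_DES_CBC_SHA", "TLS_RSA_WITH_DES_CBC_SHA",
]

# Defaults from the property table; None for Cert means "no cert file",
# None for SslAllowedCiphers means <all>.
DEFAULTS = {
    "Cert": None, "AllowHeaderFolding": True, "BasicAuth": False,
    "RequiresSslCertVerify": False, "SslAllowedCiphers": None,
    "AutoAddHostHeader": False, "MimicFireFox": False, "MimicIE": False,
    "ReadTimeout": 75, "ConnectTimeout": 30,
}
BOOL_PROPS = {"AllowHeaderFolding", "BasicAuth", "RequiresSslCertVerify",
              "AutoAddHostHeader", "MimicFireFox", "MimicIE"}
INT_PROPS = {"ReadTimeout", "ConnectTimeout"}


def parse_bool(value):
    """Boolean rule from the spec: anything starting with 'T' or '1' is TRUE."""
    v = value.strip().upper()          # values are case insensitive
    return v.startswith("T") or v.startswith("1")


def is_weak_cipher(name):
    """Third best-practices rule: RC4, DES and 3DES suites are disallowed."""
    return any(tok in name for tok in ("_RC4_", "_DES_", "_3DES_"))


def resolve_ciphers(value):
    """Expand a comma-delimited SslAllowedCiphers value into suite names."""
    resolved = []
    for item in (c.strip() for c in value.split(",")):
        if not item:
            continue
        if item.lower() == "best-practices":
            resolved.extend(c for c in AVAILABLE_CIPHERS if not is_weak_cipher(c))
            continue
        match = next((c for c in AVAILABLE_CIPHERS if c.upper() == item.upper()), None)
        if match is None:
            raise ValueError("unknown cipher: %s" % item)
        resolved.append(match)
    return list(dict.fromkeys(resolved))   # de-duplicate, keep order


def parse_properties(spec):
    """Parse 'name=value;name2=value2' into a dict with table defaults applied."""
    props = dict(DEFAULTS)
    if not spec or not spec.strip():
        return props
    if "=" not in spec:                    # legacy certfile form (deprecated)
        props["Cert"] = spec.strip()
        return props
    for clause in spec.split(";"):
        if not clause.strip():
            continue
        name, sep, value = clause.partition("=")
        name, value = name.strip(), value.strip()
        if not sep or name not in DEFAULTS:   # names are case sensitive: reject unknowns
            raise ValueError("unknown or malformed property clause: %r" % clause)
        if name in BOOL_PROPS:
            props[name] = parse_bool(value)
        elif name in INT_PROPS:
            props[name] = int(value)
        elif name == "SslAllowedCiphers":
            props[name] = resolve_ciphers(value)
        else:
            props[name] = value
    return props


if __name__ == "__main__":
    # Constructed sample: hardened settings a client would typically want.
    p = parse_properties("Cert=client.pem;RequiresSslCertVerify=1;"
                         "SslAllowedCiphers=best-practices;ReadTimeout=20")
    print(p["RequiresSslCertVerify"], len(p["SslAllowedCiphers"]))
```

Note that the defaults leave RequiresSslCertVerify off and all ciphers allowed; a caller wanting a verified, modern TLS session has to set both RequiresSslCertVerify and SslAllowedCiphers explicitly.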