HTTP Properties Parameter

The current list of property names and values is shown below. Note that the property names are case sensitive, but the values are not. For boolean values, anything starting with "T" or "1" is considered TRUE; everything else is considered false. Note the default values for the case where the property is not specified.

Name = Value

Default

Description

Cert=<fspec>

none

Specify cert file spec

AllowHeaderFolding

True

Disables MIME header folding

BasicAuth

False

Allows HTTP basic authentication; see Comments.

RequiresSslCertVerify

False

If true, verify server's SSL cert; if expired or invalid, abort connection.

SslAllowedCiphers

<all>

Specify comma-delimited list of allowed SSL/TLS ciphers; see Comments.

AutoAddHostHeader

False

If true, the "Host" header will be added to the request header for XHTTPF_REQGET

MimicFireFox

False

If true, headers are added to XHTTPF_REQGET calls to mimic those used by FireFox

MimicIE

False

If true, headers are added XHTTPF_REQGET to mimic those used by Internet Explorer

ReadTimeout

75

Time in seconds to wait while reading the response from the server before timing out.

ConnectTimeout

30

Time in seconds to wait for the connection to be established before timing out

 

Comments

If more than one Name=Value pair is specified, separate them with semi-colons, without any excess leading or trailing spaces. For example:

properties = "AllowHeaderFolding=False;MimicFireFox=True;ConnectTimeout=60"

BasicAuth: Basic Authentication is one of many types of HTTP authentication, but it is often considered a security risk because the name and password are transmitted in plain text. For an SSL/TSL connection, this may be ok, but in any case, the default is set to False just to err on the safe side.

SslAllowedCiphers: To limit SSL/TLS connections to a more specific set of possible ciphers, specify one or more of the following (comma-delimited). You may also use the special value "best-practices" to request "current best practices". Currently this means the following, but may evolve over time:

•   Any RSA keys must be 1024 bits or more

•   All renegotiations must be secure

•   All ciphers using RC4, DES or 3DES are disallowed

Available ciphers

Note that in the following table, all items on a line have the same "root" and only the "suffix" varies.

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384

TLS_DHE_RSA_WITH_AES_256_CBC_SHA

TLS_RSA_WITH_AES_256_CBC_SHA256

TLS_RSA_WITH_AES_256_GCM_SHA384

TLS_RSA_WITH_AES_256_CBC_SHA

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

TLS_DHE_RSA_WITH_AES_128_CBC_SHA256

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

TLS_DHE_RSA_WITH_AES_128_CBC_SHA

TLS_RSA_WITH_AES_128_CBC_SHA256

TLS_RSA_WITH_AES_128_GCM_SHA256

TLS_RSA_WITH_AES_128_CBC_SHA

TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA

TLS_RSA_WITH_3DES_EDE_CBC_SHA

TLS_ECDHE_RSA_WITH_RC4_128_SHA

TLS_RSA_WITH_RC4_128_SHA

TLS_RSA_WITH_RC4_128_MD5

TLS_DHE_RSA_WITH_DES_CBC_SHA

TLS_RSA_WITH_DES_CBC_SHA

 

 

History

2016 November, October, A-Shell 1535:  Replaced old parameter certfile with new parameter properties and much expanded its usage.