The SSL transport is used for creating OpenWire/TCP endpoints with SSL/TLS enabled.
Note: The URI transport options described here are not sufficient to configure an SSL endpoint completely. You must also associate X.509 certificates with the endpoint. For more details, see SSL/TLS Security in the Fuse Message Broker Security Guide.
An SSL URI has the following syntax:
`ssl://Host[:Port]?transportOptions`
Where the transport options, `transportOptions`, are specified as follows:
`?option=value&option=value&...`
In XML configuration, you must escape the `&` symbol, replacing it with `&amp;`. For example:
`?option=value&amp;option=value&amp;...`
The SSL transport inherits all of the options supported by the TCP transport URI. See Table A.1.
Table A.2 shows the options supported by the SSL URI.
Table A.2. SSL Transport Options
Option | Default | Description |
---|---|---|
transport.enabledCipherSuites | | Specifies the cipher suites accepted by this endpoint, in the form of a comma-separated list. |
transport.enabledProtocols | | Specifies the secure socket protocols accepted by this endpoint, in the form of a comma-separated list. If using Sun's JSSE provider, possible values are: `SSL`, `SSLv2`, `SSLv3`, `TLS`, or `TLSv1`. |
transport.wantClientAuth | | (Server only) If `true`, the server requests (but does not require) the client to send a certificate. |
transport.needClientAuth | `false` | (Server only) If `true`, the server requires the client to send its certificate. If the client fails to send a certificate, the server will throw an error and close the session. |
transport.enableSessionCreation | `true` | (Server only) If `true`, the server socket creates a new SSL session every time it accepts a connection and spawns a new socket. If `false`, an existing SSL session must be resumed when the server socket accepts a connection. |
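
The following Python check is an added example, not part of the Fuse documentation: it parses an SSL URI in the syntax above, reports how the Table A.2 options affect the endpoint's security posture, and returns the URI escaped for use in XML configuration. The function name `audit_ssl_uri`, the sample host and port, and the policy of rejecting the SSL-era protocol names and expecting client certificates are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qsl
from xml.sax.saxutils import escape, unescape

# Assumption (local policy, not stated on the page): of the protocol names
# Table A.2 lists, treat the SSL-era ones as unacceptable.
LEGACY_PROTOCOLS = {"SSL", "SSLv2", "SSLv3"}
BOOLEAN_OPTIONS = ("transport.wantClientAuth", "transport.needClientAuth",
                   "transport.enableSessionCreation")


def audit_ssl_uri(uri):
    """Audit one ssl:// transport URI; return (findings, xml_escaped_uri)."""
    raw = unescape(uri)  # accept a URI copied out of XML (&amp; -> &)
    parts = urlsplit(raw)
    if parts.scheme != "ssl" or not parts.hostname:
        raise ValueError("expected ssl://Host[:Port]?transportOptions")
    opts = dict(parse_qsl(parts.query, keep_blank_values=True))
    findings = []

    for name in BOOLEAN_OPTIONS:
        if name in opts and opts[name].lower() not in ("true", "false"):
            findings.append("%s: expected true or false, got %r" % (name, opts[name]))

    listed = opts.get("transport.enabledProtocols", "").split(",")
    protocols = [p.strip() for p in listed if p.strip()]
    if not protocols:
        findings.append("transport.enabledProtocols not set: protocols are not pinned by this URI")
    for proto in protocols:
        if proto in LEGACY_PROTOCOLS:
            findings.append("transport.enabledProtocols: legacy protocol %s enabled" % proto)

    # needClientAuth defaults to false (Table A.2); wantClientAuth does not enforce.
    if opts.get("transport.needClientAuth", "false").lower() != "true":
        if opts.get("transport.wantClientAuth", "").lower() == "true":
            findings.append("transport.wantClientAuth only requests a certificate; "
                            "clients without one are still accepted")
        else:
            findings.append("transport.needClientAuth is false: client certificates not required")

    return findings, escape(raw)  # escape() turns & back into &amp; for XML


if __name__ == "__main__":
    # Constructed sample URI, not taken from the page.
    sample = ("ssl://localhost:61617?transport.enabledProtocols=SSLv3,TLSv1"
              "&transport.wantClientAuth=true")
    issues, xml_uri = audit_ssl_uri(sample)
    for issue in issues:
        print("WARN", issue)
    print('uri="%s"' % xml_uri)
```

Options inherited from the TCP transport (Table A.1) pass through unchecked, since only the Table A.2 options are examined.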