InetD SSL model configuration file

To use the Internet Daemon (InetD) Secure Sockets Layer (SSL) model, you must create one or more InetD SSL model configuration files and place them in the /etc/ssl/inetd/ directory on the z/TPF system.

InetD SSL model configuration files must use the following naming convention: /etc/ssl/inetd/servername.conf, where servername is the name of a z/TPF SSL server to be started and managed by the InetD SSL model.

The following InetD SSL model configuration file parameters are required:
  • VERSION
  • CIPHER
  • VERIFYPEER
  • CERTIFICATE
  • CERTTYPE
  • KEY
  • KEYTYPE
The following InetD SSL model configuration file parameters are optional:
  • USESSL (If specified, must be set to YES.)
  • CAINFO (If the VERIFYPEER parameter is set to YES, the CAINFO or CAPATH parameter is required.)
  • CAPATH (If the VERIFYPEER parameter is set to YES, the CAINFO or CAPATH parameter is required.)
  • MAXVERSION
The following InetD SSL model configuration file parameters are ignored:
  • APPLDATA

InetD reads the configuration file when an SSL server with an InetD SSL model is started. If the configuration file changes or if the certificate files or key files that are referenced by the configuration file change, the changes do not take effect until the InetD server is stopped and restarted or the SSL daemons are recycled.


# Example INETD SSL model configuration file

VERSION=SSLv23
CIPHER=ECDHE-RSA-AES256-GCM-SHA384,AES256-GCM-SHA384,AES256-SHA256
VERIFYPEER=YES
CERTIFICATE=/certs/tpf2048_cert.pem
CERTTYPE=PEM
KEY=/tpfpubk/tpf2048.pem
CAINFO=/certs/cacert.pem
KEYTYPE=PEM
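
The parameter rules listed above can be checked before a file is placed in /etc/ssl/inetd/. The following lint is an added example, not part of z/TPF or of the original page; the function name check_conf is hypothetical, and it assumes one NAME=VALUE pair per line with # starting a comment line, as in the example file.

```python
# Added example: offline lint for an InetD SSL model configuration file.
REQUIRED = ("VERSION", "CIPHER", "VERIFYPEER", "CERTIFICATE",
            "CERTTYPE", "KEY", "KEYTYPE")
OPTIONAL = ("USESSL", "CAINFO", "CAPATH", "MAXVERSION")
IGNORED = ("APPLDATA",)

# The example file from this page, used as sample input.
PAGE_EXAMPLE = """\
# Example INETD SSL model configuration file

VERSION=SSLv23
CIPHER=ECDHE-RSA-AES256-GCM-SHA384,AES256-GCM-SHA384,AES256-SHA256
VERIFYPEER=YES
CERTIFICATE=/certs/tpf2048_cert.pem
CERTTYPE=PEM
KEY=/tpfpubk/tpf2048.pem
CAINFO=/certs/cacert.pem
KEYTYPE=PEM
"""

def check_conf(text):
    """Return a list of problems; an empty list means the rules are met."""
    params, problems = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):   # assumption: '#' starts a comment
            continue
        name, sep, value = (p.strip() for p in line.partition("="))
        if not sep or not name:
            problems.append(f"line {n}: not in NAME=VALUE form")
        elif name in params:                   # lint choice, not a documented rule
            problems.append(f"line {n}: {name} appears more than once")
        else:
            params[name] = value
    for name in REQUIRED:
        if not params.get(name):
            problems.append(f"{name}: required parameter is missing or empty")
    for name in params:
        if name in IGNORED:
            problems.append(f"{name}: ignored by the InetD SSL model")
        elif name not in REQUIRED + OPTIONAL:
            problems.append(f"{name}: not a parameter listed for this file")
    # Values are compared exactly as the page spells them (YES).
    if "USESSL" in params and params["USESSL"] != "YES":
        problems.append("USESSL: if specified, must be set to YES")
    if params.get("VERIFYPEER") == "YES" and not (
            params.get("CAINFO") or params.get("CAPATH")):
        problems.append("VERIFYPEER=YES: CAINFO or CAPATH is required")
    return problems
```

Calling check_conf(PAGE_EXAMPLE) returns an empty list; removing the CAINFO line from that file makes it report the VERIFYPEER rule.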