Specifies the parameters for HTTPS service on the port, PORT, and enables service when ENABLE-SERVICE-P is non-null.
The required parameters are:
  CERTIFICATE - A pathname containing the PEM-encoded certificate for the SSL server on PORT.
  PRIVATE-KEY - A pathname containing the PEM-encoded private key for the SSL server on PORT.
  PASSWORD - A string which is the password for PRIVATE-KEY, or any of the following keywords:
    :NONE - No password required for PRIVATE-KEY.
    :PROMPT - Ask the user for the password when SSL is launched.
  PARAMETERS - A pathname containing the PEM-encoded Diffie-Hellman parameters for the SSL server on PORT.
    The OpenSSL dhparam shell command generates the parameters. See: http://www.openssl.org/docs/apps/dhparam.html
    For discussion, see: http://www.openssl.org/docs/ssl/SSL_CTX_set_tmp_dh_callback.html
The optional parameters are:
  CIPHERS - A keyword or string denoting OpenSSL cipher suites to use with SSL on PORT.
    The following values are available:
    :ALL - all cipher suites offering at least some encryption.
    :HIGH - ciphers with key lengths greater than 128 bits.
    :MEDIUM - ciphers using 128 bit encryption.
    :LOW - ciphers using 64 or 56 bit encryption algorithms but excluding export cipher suites.
    :56-BIT-EXPORT - ciphers using 56 bit export encryption algorithms.
    :EXPORT - ciphers using export encryption algorithms, including both 40 and 56 bit algorithms.
    :40-BIT-EXPORT - ciphers using 40 bit export encryption algorithms.
    Users desiring fine-grained control may provide an OpenSSL cipher string.
    These are described here: http://www.openssl.org/docs/apps/ciphers.html
  SSL-VERSION - A keyword that controls the version of SSL/TLS used on PORT. The options are:
    :TLS-1 - Use only TLS version 1
    :SSL-2-OR-3 - Use only SSL version 2 or 3
    :SSL-3 - Use only SSL version 3
    :SSL-2 - Use only SSL version 2
    :SSL-DEFAULT - Use the current default SSL versions (2 or 3)
Client certificates are not checked unless either CERTIFICATE-AUTHORITIES or CLIENT-CERTIFICATES is
supplied, in which case the values of VERIFY and VERIFY-DEPTH
  CERTIFICATE-AUTHORITIES - A pathname containing the PEM-encoded (base64 encoded) trusted certificate authorities or certificate
    revocation lists accepted from clients by the SSL server on PORT.
  CLIENT-CERTIFICATES - A directory containing PEM-encoded (base64 encoded) trusted certificate authorities or certificate
    revocation lists accepted from clients by the SSL server on PORT.
  VERIFY - A keyword that controls client certificate verification by the SSL server on PORT.
    :NEVER - The server does not send a client certificate request to the client, so the client will
      not send a certificate.
    :ALWAYS - The server sends a client certificate request to the client, and any returned certificate
      is checked. If the verification process fails, the TLS/SSL handshake is immediately
      terminated with an alert message containing the reason for the verification failure.
    :ONCE - Same as :ALWAYS except that a client certificate is checked only on the initial TLS/SSL handshake,
      and not again in case of renegotiation.
  VERIFY-DEPTH - An integer between 1 and 32 specifying the maximum certificate chain length for authentication of client
    or peer certificates.
Standard parameters controlling HTTP service.
  ADDRESS - An IP address string for the network interface on which to accept connections.
    The value can also be a keyword:
    :ALL - Listen on all interfaces
    :PRIMARY - Listen only on the primary interface (see also http:*primary-network-host*)
    :LOOPBACK - Listen on the loopback address 127.0.0.1
  TIMEOUT - Time in 60ths of a second before the server drops an idle HTTP connection.
  PROCESS-PRIORITY - An integer specifying process priority for the process listening on PORT.
  BACKLOG - The number of pending connections on PORT that will be queued for accept.
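
Added example (not part of the original documentation or of the server's own code): a Python check that asks the local OpenSSL build, through the standard ssl module, which suites a CIPHERS value would enable and which of them are weak. It assumes the CIPHERS keywords above correspond to the OpenSSL class names ALL, HIGH, MEDIUM, LOW and EXPORT; WEAK_CLASSES, MIN_BITS, expand and audit are names chosen for this example.

```python
import ssl

# Assumption for this example: OpenSSL cipher classes treated as weak.
WEAK_CLASSES = "aNULL:eNULL:LOW:EXPORT:RC4:MD5:3DES"
# Assumption for this example: minimum acceptable symmetric strength.
MIN_BITS = 128


def expand(cipher_string):
    """Return the TLS 1.2-and-earlier suites OpenSSL selects for cipher_string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        # This OpenSSL build has no suite matching the string.
        return []
    # TLS 1.3 suites are not controlled by the cipher string; skip them.
    return [c for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def audit(cipher_string):
    """List the suites a cipher string enables and the weak ones among them."""
    suites = expand(cipher_string)
    # Ask OpenSSL itself which suites belong to the weak classes.
    weak_names = {c["name"] for c in expand(WEAK_CLASSES)}
    weak = [
        c["name"]
        for c in suites
        if c["name"] in weak_names or c["strength_bits"] < MIN_BITS
    ]
    return {"suites": [c["name"] for c in suites], "weak": weak}


if __name__ == "__main__":
    # Class names assumed to match the CIPHERS keywords, plus one explicit string.
    for s in ("ALL", "HIGH", "MEDIUM", "LOW", "EXPORT", "HIGH:!aNULL:!MD5:!3DES"):
        r = audit(s)
        print(f"{s:24} {len(r['suites']):3} suites, {len(r['weak']):3} weak {r['weak'][:3]}")
```

An empty suite list means the installed OpenSSL no longer ships any suite in that class, so a server configured with that value would have nothing to negotiate.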