Grid Community Toolkit  6.2.1567772254 (tag: v6.2.20190906)
gsi.conf.h
/*
 * GSI configuration text held as a single string built from adjacent
 * literals. Every line of the text is either a '#' comment or a KEY=value
 * setting. The code that parses this string and decides when it is used is
 * not part of this header.
 * NOTE(review): presumably this is the built-in copy of gsi.conf used when no
 * configuration file is supplied -- confirm against the caller.
 */
static char *globus_l_gsi_conf_string =
/*
 * TLS protocol floor and ceiling.
 * NOTE(review): the text below says TLSv1.2 is the default, but the explicit
 * MIN_TLS_PROTOCOL value names the deprecated TLS 1.0 token. If the parser
 * honours it as the text describes, TLS 1.0 and 1.1 peers are still accepted.
 * Confirm this is a deliberate interoperability choice; sites without legacy
 * peers would normally raise the floor to TLS1_2_VERSION.
 */
"# As of August 2018, TLSv1.2 is the default TLS protocol version.\n"
"# Minimum TLS protocol version. One of TLS1_2_VERSION, TLS1_VERSION_DEPRECATED, \n"
"# TLS1_1_VERSION_DEPRECATED, or 0 for the default. Invalid values will use \n"
"# the default. SSLv3 and below are disabled.\n"
"MIN_TLS_PROTOCOL=TLS1_VERSION_DEPRECATED\n"
"# Maximum TLS protocol version. One of TLS1_2_VERSION, TLS1_VERSION_DEPRECATED,\n"
"# TLS1_1_VERSION_DEPRECATED, or 0 for the highest supported version. Invalid \n"
"# values will use the highest supported version. SSLv3 and below are disabled.\n"
"MAX_TLS_PROTOCOL=0\n"
/*
 * Host-certificate name matching mode. The value set here is STRICT_RFC2818.
 * NOTE(review): the HYBRID description ends with "This has been the default
 * since GT 4.2", which does not match the value set below; the sentence looks
 * stale. Per the text itself, STRICT_GT2 and HYBRID accept hyphen wildcards
 * and names obtained by resolving the connection's IP address, so under those
 * modes the identity check depends on name resolution being trustworthy.
 */
"# GSSAPI Name compatibility mode when trying to determine\n"
"# if a host certificate is legitimate. GSI predates RFC2818,\n"
"# so there are some old, less-secure, practices by default.\n"
"# The different modes are:\n"
"# STRICT_GT2:\n"
"# Strictly backward-compatible with GT 2.0 name matching. \n"
"# X.509 subjectAltName values are ignored. Names with\n"
"# hyphens are treated as wildcarded such that \n"
"# host-ANYTHING.example.com will match a certificate named\n"
"# host.example.com. The name matching will rely on canonical\n"
"# host (as resolved via getnameinfo) name associated with\n"
"# a connection's IP addresses.\n"
"# STRICT_RFC2818:\n"
"# Support RFC 2818 server identity processing. Hyphen \n"
"# characters are treated as normal part of a host name. \n"
"# dnsName and ipAddress subjectAltName extensions are matched\n"
"# against the host and port passed to GSSAPI. If subjectAltName \n"
"# is present, X.509 SubjectName is ignored. \n"
"# HYBRID:\n"
"# Support a hybrid of the two previous name matching algorithms,\n"
"# liberally matching both hyphen wildcards, canonical names\n"
"# associated with IP addresses, and subjectAltName extensions.\n"
"# This has been the default since GT 4.2\n"
"NAME_COMPATIBILITY=STRICT_RFC2818\n"
/*
 * Cipher selection. Per the text below, CIPHERS is disregarded when the
 * application does not set GSS_C_CONF_FLAG, and a list beginning with eNULL
 * is used instead. In OpenSSL cipher-list syntax eNULL selects suites that
 * provide no encryption, so confidentiality depends on the application
 * requesting it and not on this setting alone.
 */
"# OpenSSL Cipher List. This is a preference-ordered list of OpenSSL cipher\n"
"# names in CIPHER LIST FORMAT specified in ciphers(1). Disregarded and\n"
"# 'eNULL:ALL:!COMPLEMENTOFDEFAULT' used instead, if GSS_C_CONF_FLAG not set\n"
"# by the application.\n"
"CIPHERS=HIGH\n"
"# If true, when choosing a cipher, a server will use its own preferred\n"
"# order instead of the cipher order presented by the client. When not set, the\n"
"# SSL server will always follow the clients preferences.\n"
"SERVER_CIPHER_ORDER=true\n"
/*
 * Message integrity check (MIC) compatibility switches. Both are set to true,
 * while the text states that the true setting is only available for
 * OpenSSL < 1.1.0.
 * NOTE(review): what the parser does with "true" on newer OpenSSL builds is
 * not visible here -- confirm against the code that reads these keys.
 */
"# If true, when computing a message integrity check, use the original\n"
"# implementation, which inspects internal OpenSSL structures. Otherwise,\n"
"# use keying material and sequence counters in the GSSAPI structures only.\n"
"# The true setting is only available for OpenSSL < 1.1.0\n"
"BACKWARD_COMPATIBLE_MIC=true\n"
"# If true, when verifying a message integrity check, accept MICs generated\n"
"# using the original implementation, which inspects internal OpenSSL\n"
"# structures. Otherwise, only use the new code which relies on use keying\n"
"# material and sequence counters in the GSSAPI structures only.\n"
"# The true setting is only available for OpenSSL < 1.1.0\n"
"ACCEPT_BACKWARD_COMPATIBLE_MIC=true\n"
/*
 * Credential file ownership.
 * NOTE(review): the wording below is garbled ("files owned by that user are
 * allowed to own credentials"). Presumably the key names a non-root account
 * whose files may hold credentials used by root, and the value root leaves
 * that relaxation off -- verify against the ownership check that consumes
 * this key before changing it.
 */
"# If set to a non-root username, then files owned by that user are allowed\n"
"# to own credentials used by the root user\n"
"VHOST_CRED_OWNER=root\n"
;