Grid Community Toolkit  6.2.1705709074 (tag: v6.2.20240202)
 All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
gsi.conf.h
1 static char *globus_l_gsi_conf_string =
2 "# Minimum TLS protocol version. One of TLS1_3_VERSION, TLS1_2_VERSION,\n"
3 "# TLS1_1_VERSION_DEPRECATED, TLS1_VERSION_DEPRECATED, or 0 for the default.\n"
4 "# The option TLS1_3_VERSION requires OpenSSL 1.1.1 or later to be valid.\n"
5 "# As of August 2018, TLSv1.2 is the default minimum TLS protocol version.\n"
6 "# Invalid values will use the default.\n"
7 "MIN_TLS_PROTOCOL=0\n"
8 "# Maximum TLS protocol version. One of TLS1_3_VERSION, TLS1_2_VERSION,\n"
9 "# TLS1_1_VERSION_DEPRECATED, TLS1_VERSION_DEPRECATED, or 0 for the highest\n"
10 "# supported version.\n"
11 "# The option TLS1_3_VERSION requires OpenSSL 1.1.1 or later to be valid.\n"
12 "# Invalid values will use the highest supported version.\n"
13 "MAX_TLS_PROTOCOL=0\n"
14 "# GSSAPI Name compatibility mode when trying to determine\n"
15 "# if a host certificate is legitimate. GSI predates RFC2818,\n"
16 "# so there are some old, less-secure, practices by default.\n"
17 "# The different modes are:\n"
18 "# STRICT_GT2:\n"
19 "# Strictly backward-compatible with GT 2.0 name matching.\n"
20 "# X.509 subjectAltName values are ignored. Names with\n"
21 "# hyphens are treated as wildcarded such that\n"
22 "# host-ANYTHING.example.com will match a certificate named\n"
23 "# host.example.com. The name matching will rely on canonical\n"
24 "# host (as resolved via getnameinfo) name associated with\n"
25 "# a connection's IP addresses.\n"
26 "# STRICT_RFC2818:\n"
27 "# Support RFC 2818 server identity processing. Hyphen\n"
28 "# characters are treated as normal part of a host name.\n"
29 "# dnsName and ipAddress subjectAltName extensions are matched\n"
30 "# against the host and port passed to GSSAPI. If subjectAltName\n"
31 "# is present, X.509 SubjectName is ignored.\n"
32 "# HYBRID:\n"
33 "# Support a hybrid of the two previous name matching algorithms,\n"
34 "# liberally matching both hyphen wildcards, canonical names\n"
35 "# associated with IP addresses, and subjectAltName extensions.\n"
36 "# This has been the default since GT 4.2\n"
37 "NAME_COMPATIBILITY=STRICT_RFC2818\n"
38 "# OpenSSL Cipher List. This is a preference-ordered list of OpenSSL cipher\n"
39 "# names in CIPHER LIST FORMAT specified in ciphers(1). Disregarded and\n"
40 "# 'eNULL:ALL:!COMPLEMENTOFDEFAULT' used instead, if GSS_C_CONF_FLAG not set\n"
41 "# by the application.\n"
42 "CIPHERS=HIGH\n"
43 "# If true, when choosing a cipher, a server will use its own preferred\n"
44 "# order instead of the cipher order presented by the client. When not set, the\n"
45 "# SSL server will always follow the clients preferences.\n"
46 "SERVER_CIPHER_ORDER=true\n"
47 "# If true, when computing a message integrity check, use the original\n"
48 "# implementation, which inspects internal OpenSSL structures. Otherwise,\n"
49 "# use keying material and sequence counters in the GSSAPI structures only.\n"
50 "# The true setting is only available for OpenSSL < 1.1.0\n"
51 "BACKWARD_COMPATIBLE_MIC=true\n"
52 "# If true, when verifying a message integrity check, accept MICs generated\n"
53 "# using the original implementation, which inspects internal OpenSSL\n"
54 "# structures. Otherwise, only use the new code which relies on use keying\n"
55 "# material and sequence counters in the GSSAPI structures only.\n"
56 "# The true setting is only available for OpenSSL < 1.1.0\n"
57 "ACCEPT_BACKWARD_COMPATIBLE_MIC=true\n"
58 "# If set to a non-root username, then files owned by that user are allowed\n"
59 "# to own credentials used by the root user\n"
60 "VHOST_CRED_OWNER=root\n"
61 ;