Transport parameters
There are three standard transport types:
- ha: Controls communications within the data replication layer.
- client: Controls most RMI communication.
- internal: Controls the SSL internal authentication mechanism.
The following parameters can be set and associated to a transport type:
- transportType: This parameter should be set to SSL.
- serverKeyAlias: The keystore alias that identifies the keypair used by the store services, including Storage Nodes, Replication Nodes, Admins, and Arbiter Nodes. If not specified, the alias "shared" is used.
- clientKeyAlias: The keystore alias that identifies the keypair used by either a direct connect Java client or a proxy. See Configuring the Proxy for more details. If not specified, the alias "shared" is used.
- clientAuthRequired: Should always be true for ha and internal transports and should be false for client transports.
- clientIdentityAllowed: When clientAuthRequired is true, this specifies what client identification check should be applied. This should be set to dnmatch(XXX) where XXX is the Distinguished name from the client certificate.
- serverIdentityAllowed: This specifies what server verification should be performed. This should normally be set to dnmatch(XXX) where XXX is the Distinguished name from the server certificate.
- allowCipherSuites: This is a comma-delimited list of SSL/TLS cipher suites that should be considered for use. For valid options, see the Java JSSE documentation corresponding to your JDK version. If not specified, the JDK default set of cipher suites is allowed.
- allowProtocols: This is a comma-delimited list of SSL/TLS protocols that should be considered for use. For valid options, see the Java JSSE documentation corresponding to your JDK version. If not specified, the JDK default set of protocols is used.
- clientAllowCipherSuites: See allowCipherSuites for a description of the format. This parameter sets the cipher suite requirements only for the initiating side of a connection. If set, it overrides any setting of allowCipherSuites for the connection initiator.
- clientAllowProtocols: See allowProtocols for a description of the format. This parameter sets the protocol requirements only for the initiating side of a connection. If set, it overrides any setting of allowProtocols for the connection initiator.
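
The following Python sketch is an added example, not part of the product or its documentation. It audits a set of transport parameters against the guidance above and resolves which protocol or cipher suite list applies to each side of a connection. The dict layout, the function names `audit` and `effective`, the DN `CN=NoSQL`, and the treatment of a missing clientAuthRequired as false are assumptions of the example.

```python
import re

# Expected clientAuthRequired per transport, from the parameter list above.
# The dict layout used here is an assumption, not the product's file format.
AUTH_REQUIRED = {"ha": True, "internal": True, "client": False}
DNMATCH = re.compile(r"^dnmatch\(.+\)$")

def effective(params, side, kind):
    """List in force for side 'initiator' or 'acceptor'; kind is 'Protocols'
    or 'CipherSuites'. None means the JDK default set applies."""
    raw = params.get("clientAllow" + kind) if side == "initiator" else None
    if raw is None:  # the override only exists for the connection initiator
        raw = params.get("allow" + kind)
    return [v.strip() for v in raw.split(",") if v.strip()] if raw else None

def audit(transports):
    """Compare each transport with the documented settings; return findings."""
    findings = []
    for name, want_auth in AUTH_REQUIRED.items():
        p = transports.get(name)
        if p is None:
            findings.append(f"{name}: transport not configured")
            continue
        if p.get("transportType", "").upper() != "SSL":
            findings.append(f"{name}: transportType should be SSL")
        # A missing clientAuthRequired is treated as false (assumption).
        auth = p.get("clientAuthRequired", "false").lower() == "true"
        if auth != want_auth:
            findings.append(f"{name}: clientAuthRequired should be {str(want_auth).lower()}")
        keys = ["serverIdentityAllowed"] + (["clientIdentityAllowed"] if auth else [])
        for key in keys:
            if not DNMATCH.match(p.get(key, "")):
                findings.append(f"{name}: {key} should be dnmatch(<DN>)")
    return findings

# Constructed sample: 'ha' disables client authentication and 'internal'
# gives a bare DN instead of dnmatch(...); 'client' follows the guidance.
SAMPLE = {
    "ha": {"transportType": "SSL", "clientAuthRequired": "false",
           "serverIdentityAllowed": "dnmatch(CN=NoSQL)"},
    "internal": {"transportType": "SSL", "clientAuthRequired": "true",
                 "clientIdentityAllowed": "dnmatch(CN=NoSQL)",
                 "serverIdentityAllowed": "CN=NoSQL"},
    "client": {"transportType": "SSL", "clientAuthRequired": "false",
               "serverIdentityAllowed": "dnmatch(CN=NoSQL)",
               "allowProtocols": "TLSv1.2,TLSv1.3",
               "clientAllowProtocols": "TLSv1.3"},
}

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
    print(effective(SAMPLE["client"], "initiator", "Protocols"))
```

In the sample, the client transport's initiator is limited to TLSv1.3 while the accepting side still allows both listed protocols, which is the asymmetry clientAllowProtocols introduces.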