1. Security Guide
  2. Security.xml Parameters
  3. Transport parameters

Transport parameters

There are three standard transport types:

  • ha

    Controls the communications between the data replication layer.

  • client

    Controls most RMI communication.

  • internal

    Controls the SSL internal authentication mechanism.

The following parameters can be set and associated to a transport type:

  • transportType

    This parameter should be set to SSL.

  • serverKeyAlias

    The keystore alias that identifies the keypair used by the store services, including Storage Nodes, Replication Nodes, Admins, and Arbiter Nodes. If not specified, the alias "shared" is used.

  • clientKeyAlias

    The keystore alias that identifies the keypair used by either a direct connect Java client or a proxy. See Configuring the Proxy for more details. If not specified, the alias "shared" is used.

  • clientAuthRequired

    Should always be true for ha and internal transports and should be false for client transports.

  • clientIdentityAllowed

    When clientAuthRequired is true, this specifies what client identification check should be applied. This should be set to dnmatch(XXX) where XXX is the Distinguished name from the client certificate.

  • serverIdentityAllowed

    This specifies what server verification should be performed. This should normally be set to dnmatch(XXX) where XXX is the Distinguished name from the server certificate.

  • allowCipherSuites

    This is a comma-delimited list of SSL/TLS cipher suites that should be considered for use. For valid options, see the Java JSSE documentation corresponding to your JDK version. If not specified, the JDK default set of cipher suites is allowed.

  • allowProtocols

    This is a comma-delimited list of SSL/TLS protocols that should be considered for use. For valid options, see the Java JSSE documentation corresponding to your JDK version. If not specified, the JDK default set of protocols is used.

  • clientAllowCipherSuites

    See allowCipherSuites for a description of the format. This parameter sets the cipher suite requirements only for the initiating side of a connection. If set, it overrides any setting of allowCipherSuites for the connection initiator.

  • clientAllowProtocols

    See allowProtocols for a description of the format. This parameter sets the protocol requirements only for the initiating side of a connection. If set, it overrides any setting of allowProtocols for the connection initiator.