kamailio/doc/tutorials/cfg_list/cfg_tls.txt

Configuration Variables for tls
===============================
[ this file is autogenerated, do not edit ]
1. tls.force_run
force loading the tls module even when initial sanity checks
fail.
Default: 0.
Range: 0 - 1.
Type: integer. Read-only.
2. tls.method
TLS method used (TLSv1, SSLv3, SSLv2, SSLv23).
Default: <unknown:str>.
Type: string. Read-only.
3. tls.verify_certificate
if enabled the certificates will be verified.
Default: 0.
Range: 0 - 1.
Type: integer. Read-only.
4. tls.verify_depth
sets how far up the certificate chain the certificate
verification will go in the search for a trusted CA.
Default: 9.
Range: 0 - 100.
Type: integer. Read-only.
5. tls.require_certificate
if enabled a certificate will be required from clients.
Default: 0.
Range: 0 - 1.
Type: integer. Read-only.
6. tls.private_key
name of the file containing the private key (pem format), if
not contained in the certificate file.
Default: <unknown:str>.
Type: string. Read-only.
7. tls.ca_list
name of the file containing the trusted CA list (pem format).
Default: <unknown:str>.
Type: string. Read-only.
8. tls.crl
name of the file containing the CRL (certificate revocation
list in pem format).
Default: <unknown:str>.
Type: string. Read-only.
9. tls.certificate
name of the file containing the certificate (pem format).
Default: <unknown:str>.
Type: string. Read-only.
10. tls.cipher_list
list of the accepted ciphers (strings separated by colons).
Default: <unknown:str>.
Type: string. Read-only.
11. tls.session_cache
enables or disables the session cache.
Default: 0.
Range: 0 - 1.
Type: integer. Read-only.
12. tls.session_id
string used for the session id.
Default: <unknown:str>.
Type: string. Read-only.
13. tls.config
tls config file name (used for the per domain options).
Default: <unknown:str>.
Type: string.
14. tls.log
tls info messages log level.
Default: 3.
Range: 0 - 1000.
Type: integer.
15. tls.debug
tls debug messages log level.
Default: 3.
Range: 0 - 1000.
Type: integer.
16. tls.connection_timeout
initial connection lifetime (in s) (obsolete).
Default: 600.
Range: -1 - -2147483648.
Type: integer.
17. tls.disable_compression
if set disable the built-in OpenSSL compression.
Default: 1.
Range: 0 - 1.
Type: integer. Read-only.
18. tls.ssl_release_buffers
quickly release internal OpenSSL read or write buffers. Works
only for OpenSSL >= 1.0.
Default: -1.
Range: -1 - 1.
Type: integer. Read-only.
19. tls.ssl_free_list_max
maximum number of free/cached memory chunks that OpenSSL will
keep per connection. Works only for OpenSSL >= 1.0.
Default: -1.
Range: -1 - 1073741824.
Type: integer. Read-only.
20. tls.ssl_max_send_fragment
sets the maximum number of bytes (clear text) sent in one TLS
record. Valid values are between 512 and 16384. Works only for
OpenSSL >= 0.9.9.
Default: -1.
Range: -1 - 65536.
Type: integer. Read-only.
21. tls.ssl_read_ahead
Enables read ahead, reducing the number of BIO read calls done
internally by the OpenSSL library. Note that in newer tls
module versions it is better to have read ahead disabled, since
everything is buffered in memory anyway.
Default: 0.
Range: -1 - 1.
Type: integer. Read-only.
22. tls.low_mem_threshold1
sets the minimum amount of free memory for accepting new TLS
connections (KB).
Default: -1.
Range: -1 - 1073741824.
Type: integer.
23. tls.low_mem_threshold2
sets the minimum amount of free memory after which no more TLS
operations will be attempted (even on existing connections).
Default: -1.
Range: -1 - 1073741824.
Type: integer.
24. tls.ct_wq_max
maximum bytes queued globally for write when write has to wait
due to TLS-level renegotiation (SSL_ERROR_WANT_READ) or initial
TLS connection establishment (it is different from tcp.wq_max,
which works at the TCP connection level).
Default: 10485760.
Range: 0 - 1073741824.
Type: integer.
25. tls.con_ct_wq_max
maximum bytes queued for write per connection when write has to
wait due to TLS-level renegotiation (SSL_ERROR_WANT_READ) or
initial TLS connection establishment (it is different from
tcp.conn_wq_max, which works at the TCP connection level).
Default: 65536.
Range: 0 - 4194304.
Type: integer.
26. tls.ct_wq_blk_size
internal TLS pre-write (clear-text) queue minimum block size
(advanced tuning or debugging for now).
Default: 4096.
Range: 1 - 65536.
Type: integer.
27. tls.send_close_notify
enable/disable sending a close notify TLS shutdown alert before
closing the corresponding TCP connection. Note that having it
enabled has a performance impact.
Default: 0.
Range: 0 - 1.
Type: integer.