Or:
/TLS="cfg[|pw] [|DNShost]"
No default.
From a client, specifies that the device attempts to negotiate an SSL/TLS-secured connection according to the client’s specified configuration and server requirements. When securing a socket as a server, specifies that the server requires an SSL/TLS-secured connection according to the server’s specified configuration and any client requirements.
The value of the /SSL or /TLS keyword parameter is a quoted string. This string can have one, two, or three components, separated by the '|' character:
- cfg specifies the name of the configuration for the connection or socket. pw specifies the optional private key file password. DNShost specifies the fully qualified DNS hostname of a specific server, for use with the Server Name Indication (SNI) TLS extension.
This configuration name is used only the first time I/O is performed after the OPEN or USE command. Subsequent invocations are ignored. /SSL="" or /TLS="" is ignored. For more information, see the InterSystems TLS Guide.
- pw (optional) is the password for the local private key file. This is intended for interactive applications only, when a user is being prompted to enter the password at run time. It should not be used with a persistently stored password. Use the Security.SSLConfigs.PrivateKeyPassword property for persistent storage.
IMPORTANT: The ability to include a password when opening a new or securing an existing TCP connection using SSL/TLS is for real-time interactive use only. You should never store a private key password persistently without protecting it. If you need to store such a password, use the PrivateKeyPassword property of the Security.SSLConfigs class.
- DNShost (optional), for SSL clients only, specifies the fully qualified DNS hostname of a specific server (for Server Name Indication). If you omit pw, you must specify the placeholder '|' character.
Server Name Indication (SNI) is a feature that allows the client to submit the hostname it's asking for to the server. This allows a server which handles multiple domains to select one of its multiple certificates to return. The server can select one which will match hostname checking on the client.
The following are examples of valid /TLS keyword parameters:
/TLS="Client"
/TLS="Client|password"
/TLS="Client||www.intersystems.com"
/TLS="Client|password|www.intersystems.com"
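The following added example is not InterSystems code. It is a small Python source check that parses quoted /SSL and /TLS values in the cfg[|pw][|DNShost] format described above and reports a private key password written as a literal, which the IMPORTANT note says to avoid. The function names, rule names, and the sample USE lines are assumptions constructed for illustration.

```python
import re

# A quoted /SSL= or /TLS= literal. Assumptions: keyword case is not
# significant and the value contains no doubled-quote ("") escapes.
TLS_LITERAL = re.compile(r'/(?:SSL|TLS)\s*=\s*"([^"]*)"', re.IGNORECASE)

def parse_tls_value(value):
    """Split 'cfg[|pw][|DNShost]' into a (cfg, pw, dnshost) tuple."""
    parts = value.split("|")
    if len(parts) > 3:
        raise ValueError("more than three '|'-separated components")
    cfg, pw, dnshost = parts + [""] * (3 - len(parts))
    return cfg, pw, dnshost

def audit_source(text):
    """Return (line_number, rule, cfg) findings; the password is never echoed."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for match in TLS_LITERAL.finditer(line):
            value = match.group(1)
            if value == "":
                # The page states that /SSL="" and /TLS="" are ignored.
                findings.append((lineno, "empty-value-ignored", ""))
                continue
            try:
                cfg, pw, _dnshost = parse_tls_value(value)
            except ValueError:
                findings.append((lineno, "malformed-value", ""))
                continue
            if not cfg:
                findings.append((lineno, "missing-config-name", ""))
            if pw:
                # A literal pw is a persistently stored password.
                findings.append((lineno, "hardcoded-key-password", cfg))
    return findings

# Constructed sample input. The /TLS values on the first three lines reuse the
# page's examples; line 4 builds the value from a run-time variable named pw.
SAMPLE = '''\
 Use dev:(/TLS="Client")
 Use dev:(/TLS="Client||www.intersystems.com")
 Use dev:(/TLS="Client|password|www.intersystems.com")
 Use dev:(/TLS="Client|"_pw_"|www.intersystems.com")
 Use dev:(/TLS="")
 Use dev:(/SSL="Client|a|b|c")
'''

if __name__ == "__main__":
    for finding in audit_source(SAMPLE):
        print(finding)
```

Line 4 of the sample produces no finding because the password component is supplied at run time rather than written into the source.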