Fields
optionalsessionIdContext:Null<String>
opaque identifier for session resumption.
If requestCert
is true, the default is MD5 hash value generated from command-line.
Otherwise, the default is not provided.
optionalsecureProtocol:Null<String>
The SSL method to use, e.g. SSLv3_method to force SSL version 3. The possible values depend on your installation of OpenSSL and are defined in the constant SSL_METHODS.
optionalpfx:Null<EitherType<String, Buffer>>
private key, certificate and CA certs of the server in PFX or PKCS12 format.
optionalhonorCipherOrder:Null<Bool>
When choosing a cipher, use the server's preferences instead of the client preferences. Default: true.
optionalecdhCurve:Null<String>
named curve to use for ECDH key agreement or false to disable ECDH.
Defaults to prime256v1 (NIST P-256). Use Crypto.getCurves
to obtain a list of available curve names.
On recent releases, openssl ecparam -list_curves will also display the name and description
of each available elliptic curve.
optionaldhparam:Null<EitherType<String, Buffer>>
Diffie Hellman parameters, required for Perfect Forward Secrecy.
Use openssl dhparam to create it. Its key length should be greater than or equal to 1024 bits, otherwise it throws an error. It is strongly recommended to use 2048 bits or more for stronger security. If omitted or invalid, it is silently discarded and DHE ciphers won't be available.
optionalciphers:Null<String>
ciphers to use or exclude.
To mitigate BEAST attacks it is recommended that you use this option in conjunction with the honorCipherOrder
option described below to prioritize the non-CBC cipher.
Defaults to AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH.
Consult the OpenSSL cipher list format documentation for details on the format. ECDH (Elliptic Curve Diffie-Hellman) ciphers are not yet supported.