Direct connections configuration

direct-interface specifies the network interfaces that Liberator listens on for direct connection requests.

Syntax: direct-interface <space-separated-list-of-interface-ip-addresses>

Type: array of strings

Default value: [all available network interfaces]

direct-max-line-length specifies the maximum number of bytes allowed in a single line of an RTTP message sent to Liberator through a direct connection.

Syntax: direct-max-line-length <max-length-in-bytes>

Type: integer

Default value: 65536

direct-port specifies the network port that Liberator listens on for direct connection requests.

Syntax: direct-port <network-port>

Type: integer

Default value: 15000

direct-refuse-time specifies the time in seconds for Liberator to refuse new direct connections if no sockets are available.

Syntax: direct-refuse-time <time-in-seconds>

Type: float

Default value: 5.0 seconds

direct-tcp-nodelay-off specifies whether Liberator’s direct client connection sockets should have the TCP_NODELAY feature turned off. The default is FALSE, which means TCP_NODELAY is enabled. Setting this configuration item to TRUE disables TCP_NODELAY.

Syntax: direct-tcp-nodelay-off <boolean>

Type: boolean

Default value: FALSE (TCP_NODELAY is enabled)

directssl-certificate specifies the filename and directory path of the SSL (secure sockets layer) certificate used for direct connections. This file must be in PEM format. The directory path is optional and can be in relative or absolute format.

Syntax: https-certificate <PEM-filename-and-path>

Type: string

Default value: cert.pem

The default filename for the certificate is the same as the private key’s default filename (default for directssl-privatekey) because both the certificate and the private key can be contained in the same file.

directssl-cipher-list specifies a colon separated list of cipher strings. These cipher strings select, in preferred order, the various SSL ciphers (cryptographic algorithms) that Liberator can use for its direct SSL connections with clients. The ciphers are selected from the set available in the version of OpenSSL built into Liberator. The format of the cipher list is as defined for the cipherlist argument of the OpenSSL ciphers tool; for details see the OpenSSL 1.0.2 ciphers(1) manual page, which includes a list of the available cipher suite names. At run time, Liberator passes the cipher list as a control string to the OpenSSL 1.0.2 function SSL_CTX_set_cipher_list(); this function uses the control string to set up the list of available SSL ciphers.

Syntax: directssl-cipher-list <openSSL-ciphers(1)-cipherlist>

Type: string

Default value: DEFAULT (The default list of OpenSSL ciphers. This may vary according to the version of OpenSSL built into Liberator.)

Example:

https-disable-renegotiation when set to TRUE, prevents clients from renegotiating their direct SSL connections. This protects against Denial of Service attacks involving repeated attempts to renegotiate.

Syntax: directssl-disable-renegotiation <boolean>

Type: boolean

Default value: FALSE (client renegotiation is allowed)

directssl-enable switches on support for direct connections using SSL when set to TRUE.

Syntax: directssl-enable <boolean>

Type: boolean

Default value: FALSE (Direct connections via SSL not supported)

directssl-interface specifies the network interfaces to listen on for direct connections using SSL.

Syntax: directssl-interface <space-separated-list-of-interface-ip-addresses>

Type: array of strings

Default value: [all available network interfaces]

directssl-ssl-options specifies the levels of the SSL protocol that are supported for direct connections using SSL.

Syntax: directssl-ssl-options <supported-SSL-levels>

Type: string

Default value: SSL_OP_NO_SSLv2

Values accepted:

You can specify multiple values using the | operator, as in this example:

SSL_OP_NO_TLSV1|SSL_OP_NO_SSLV2 means that all protocol levels are supported except SSLv1 and SSLv2.

directssl-passwordfile specifies the filename and directory path of the file containing the SSL certificate passphrase used for direct connections. The directory path is optional and can be in relative or absolute format.

Syntax: directssl-passwordfile <password-filename-and-path>

Type: string

Default value: rttpd.directssl.pass

directssl-port specifies the network port that Liberator listens on for direct connection requests using SSL.

Syntax: directssl-port <network-port>

Type: integer

Default value: 15001

directssl-privatekey specifies the filename and directory path of the SSL (secure sockets layer) private key used for direct connections. This file must be in PEM format. The directory path is optional and can be in relative or absolute format.

Syntax: directssl-privatekey <private-key-filename-and-path>

Type: string

Default value: cert.pem

The default filename for the private key is the same as the certificate’s default filename (default for directssl-certificate) because both the certificate and the private key can be contained in the same file.

See ssl-random-seed in DataSource Secure Sockets Layer (SSL) configuration.

See also: