Here are some additional server examples:
Access database text line
TLS_Clt:nbc.hp.com | StartTLS connection as server to system nbc |
TLS_Clt:nbc.hp.com VERIFY | StartTLS connection and certificate verification required |
StartTLS connection and certificate verification | Must encrypt with at least 32 bits |
required |
|
TLS_Clt:nbc.hp.com VERIFY:32 | Certificate verification and encryption strength of at least 32 bits |
|
|
Additional access database tags allow the fine tuning of TLS connections:
TEMP+ or PERM+ shorthands are used to mark an entry as temporary or permanent failure/rejection.
Access database text line
TLS_Clt:cbs.hp.com | StartTLS connection as server to system cbs |
TLS_Clt:cbs.hp.com PERM+VERIFY | StartTLS connection and certificate verification required (failure |
| marked as permanent) |
TLS_Clt:cbs.hp.com TEMP+ENCR:64 | Must encrypt with at least 64 bits (failure marked as temporary ) |
TLS_Clt:cbs.hp.com TEMP+VERIFY:32 | Certificate verification and encryption strength of at least 32 bits |
| (failure marked as temporary) |
|
|
The other modifiers include the CN, CS and CI tags. This tag class is started with a ‘+’ sign and additional tags are separated by ‘++’. CN is shorthand for the Common name of the client or server certification (the fully qualified domain name of the server). CS is shorthand for the Common server certification (the fully qualified domain name of the server). CI is shorthand for the Common client certification (the fully qualified domain name of the client).
CN:name means CN must be ‘name’
CS:name means the Domain name must be ‘name’
CI:name means the CI Domain name must be ‘name
Summary of TLS options available for use in the access data file
First field | Second (or more) field | Additional fields | Optional | ||
Try_TLS | Address, or host, or | YES or NO |
|
| |
| domain information |
|
|
|
|
TLS_Srv: (TLS Server | optional | • | CN:name | ||
Side) |
| • | VERIFY | • | |
|
| ||||
|
| • | ENCR:bits | • | CS:name |
|
| • | VERIFY:bits | • | CI:name |
TLS_Clt: (TLS Client | optional | • | CN:name | ||
Side) |
| • | VERIFY | • | |
|
| ||||
|
| • | ENCR:bits | • | CS:name |
|
| • | VERIFY:bits | • | CI:name |
TLS_Rcpt: (TLS Client | user@, domain, | optional | • | CN:name | |
Side) | subdomain | • | VERIFY | • | |
|
| ||||
|
| • | ENCR:bits | • | CS:name |
|
| • | VERIFY:bits | • | CI:name |
Sendmail Server Administration 117