NAME
tlshd.conf - tlshd configuration file
SYNOPSIS
/etc/tlshd.conf
DESCRIPTION
The tlshd program implements a user agent that services TLS handshake requests on behalf of kernel TLS consumers. Its configuration file contains information that the program reads when it starts up. The file is designed to be human readable and contains a list of keywords with values that provide various types of information. The configuration file is considered a trusted source of information.
The tlshd program reads this file once when it is launched. Thus changes made in this file take effect only when the lshd program is restarted. If this file does not exist, the tlshd program exits immediately.
OPTIONS
The configuration file is split into sections.
The [main] section specifies run-time settings for the tlshd program. In this section, there are two available options:
|
debug |
This option specifies an integer which indicates the debug message level. Zero, the quietest setting, is the default. |
tlsdebug
This option specifies an integer which indicates the debug message level for TLS library calls. Zero, the quietest setting, is the default.
nl_debug
This option specifies an integer which indicates the debug message level for netlink operations. Zero, the quietest setting, is the default.
keyrings
This option specifies a semicolon-separated list of auxiliary keyrings that might contain handshake authentication tokens. tlshd links these keyrings into its session keyring. The configuration file may specify either a keyring’s name or serial number. The default is to provide no keyring.
The
[authentication] section specifies default
authentication material when establishing TLS sessions.
There are two subsections:
[client]and[server]. In each of these
subsections, there are two available options:
x509.certificate
This option specifies the pathname of a file containing a PEM-encoded x.509 certificate that is to be presented during a ClientHello request when no other certificate is available.
x509.private_key
This option specifies the pathname of a file containing a PEM-encoded private key associated with the above certificate.
NOTES
This software is a prototype. It’s purpose is for demonstration and as a proof-of-concept. USE THIS SOFTWARE AT YOUR OWN RISK.
SEE ALSO
AUTHOR
Chuck Lever