Interface TLSInfo

Configure Transport Layer Security (TLS) parameters for secure connections to the database cluster. TLS connections are not supported as of Aerospike Server v3.9 and depend on a future server release.

v2.4

interface TLSInfo {
    cafile?: string;
    capath?: string;
    certBlacklist?: string;
    certfile?: string;
    cipherSuite?: string;
    crlCheck?: boolean;
    crlCheckAll?: boolean;
    enable?: boolean;
    forLoginOnly?: boolean;
    keyfile?: string;
    keyfilePassword?: string;
    logSessionInfo?: boolean;
    protocols?: string;
}

Properties

cafile?: string

Path to a trusted CA certificate file. By default TLS will use system standard trusted CA certificates.

capath?: string

Path to a directory of trusted certificates. See the OpenSSL SSL_CTX_load_verify_locations manual page for more information about the format of the directory.

certBlacklist?: string

Path to a certificate blacklist file. The file should contain one line for each blacklisted certificate. Each line starts with the certificate serial number expressed in hex. Each entry may optionally specify the issuer name of the certificate. (Serial numbers are only required to be unique per issuer.) Example records:
867EC87482B2 /C=US/ST=CA/O=Acme/OU=Engineering/CN=Test Chain CA
E2D4B0E570F9EF8E885C065899886461
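A malformed record in this file is easy to miss until a revoked certificate is accepted, so the file is worth linting before deployment. The sketch below is an added example, not code from the Aerospike client: `parseCertBlacklist` and `isBlacklisted` are hypothetical helpers, the third sample line is constructed, and the matching rule (an entry without an issuer matches that serial from any issuer, compared case-insensitively) is an assumption drawn from the description above.

```javascript
'use strict';

// Parse blacklist text: one record per line, hex serial number first,
// optional issuer name after whitespace. Returns { entries, errors }.
function parseCertBlacklist(text) {
  const entries = [];
  const errors = [];
  text.split(/\r?\n/).forEach((raw, idx) => {
    const line = raw.trim();
    if (line === '') return; // skipping blank lines is this example's choice
    const m = /^(\S+)(?:\s+(.+))?$/.exec(line);
    const serial = m[1];
    if (!/^[0-9A-Fa-f]+$/.test(serial)) {
      errors.push({ line: idx + 1, reason: 'serial is not hex', text: line });
      return;
    }
    // Upper-casing the serial is this example's normalisation, not the client's.
    entries.push({ serial: serial.toUpperCase(), issuer: m[2] || null });
  });
  return { entries, errors };
}

// Assumed rule: an entry with an issuer matches only certificates from that
// issuer; an entry without one matches the serial regardless of issuer.
function isBlacklisted(entries, serialHex, issuer) {
  const serial = serialHex.toUpperCase();
  return entries.some(
    (e) => e.serial === serial && (e.issuer === null || e.issuer === issuer)
  );
}

// Constructed sample: the two records shown above plus one malformed line
// (colon-separated serial) that the linter should reject.
const SAMPLE = [
  '867EC87482B2 /C=US/ST=CA/O=Acme/OU=Engineering/CN=Test Chain CA',
  'E2D4B0E570F9EF8E885C065899886461',
  '86:7E:C8:74:82:B2 /CN=Constructed Bad Line',
].join('\n');

const parsed = parseCertBlacklist(SAMPLE);
for (const e of parsed.errors) {
  console.error(`line ${e.line}: ${e.reason}: ${e.text}`);
}
console.log(`${parsed.entries.length} entries, ${parsed.errors.length} rejected`);
```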

certfile?: string

Path to the client's certificate chain file for mutual authentication. By default, mutual authentication is disabled.

cipherSuite?: string

Specifies enabled cipher suites. The format is the same as OpenSSL's Cipher List Format documented at https://www.openssl.org/docs/manmaster/apps/ciphers.html. If not specified, the OpenSSL default cipher suite described in the ciphers documentation will be used. If you are not sure what cipher suite to select, this option is best left unspecified.

crlCheck?: boolean

Enable CRL checking for the certificate chain leaf certificate. An error occurs if a suitable CRL cannot be found. By default CRL checking is disabled.

crlCheckAll?: boolean

Enable CRL checking for the entire certificate chain. An error occurs if a suitable CRL cannot be found. By default CRL checking is disabled.

enable?: boolean

Enable TLS for socket connections to cluster nodes. By default TLS is enabled only if the client configuration includes a tls section.

forLoginOnly?: boolean

Use TLS connections only for login authentication. All other communication with the server will be done with non-TLS connections. Default: false (Use TLS connections for all communication with the server.)

keyfile?: string

Path to the client's key for mutual authentication. By default, mutual authentication is disabled.

keyfilePassword?: string

Decryption password for the client's key for mutual authentication. By default, the key is assumed not to be encrypted.

logSessionInfo?: boolean

Log session information for each connection.

protocols?: string

Specifies enabled protocols. The format is the same as Apache's SSLProtocol documented at https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol. If not specified, the client will use "-all +TLSv1.2". If you are not sure what protocols to select, this option is best left unspecified.
