/
override-securityserver-fi.ini
26 lines (23 loc) · 1.2 KB
/
override-securityserver-fi.ini
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
; FI security server configuration overrides
[signer]
; Auth and sign key length (2048/3072/4096 bits)
key-length=3072
enforce-token-pin-policy=true
; Certificate signing request signature digest algorithm,
; possible values: SHA-256, SHA-384, SHA-512
csr-signature-digest-algorithm=SHA-256
[proxy]
; Client-side enabled TLS protocols and cipher suites. User by client side listerers and connectors.
; See https://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html#SunJSSEProvider for possible values
client-tls-protocols=TLSv1.2
client-tls-ciphers=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
server-connector-max-idle-time=120000
server-support-clients-pooled-connections=true
pool-enable-connection-reuse=true
client-use-fastest-connecting-ssl-socket-autoclose=true
client-use-idle-connection-monitor=true
client-timeout=30000
server-min-supported-client-version=7.3.0
[message-log]
message-body-logging=false
acceptable-timestamp-failure-period=172800