Definition
All SSL/TLS properties are contained within the ssl object in the IAP Service Instance Configuration for the adapter. These tell the adapter libraries how to handle security related to the request.
| Property | Type | Required | Description |
|---|---|---|---|
| ecdhCurve | string | No -> "" | In testing with Node.js 8 and Node.js 9, a PROTO error is sometimes returned when attempting to connect. This issue was fixed in later versions of Node.js; to work around it in Node.js 8 and Node.js 9, set ecdhCurve to "auto" if you are seeing a similar issue. Note: This is the only use of this property. |
| enabled | boolean | Yes | Determines whether the external system has SSL enabled for requests. |
| accept_invalid_cert | boolean | Yes (if SSL enabled) | Tells the adapter whether it should accept (i.e., ignore) invalid certificates. Note: Only set this to true in lab environments. |
| ca_file | string | Yes (if SSL enabled & not accepting invalid certs) | The fully qualified path name to the ca_file used for SSL. |
| key_file | string | No | The fully qualified path name to the key_file used for SSL. |
| cert_file | string | No | The fully qualified path name to the certificate file used for SSL. |
| secure_protocol | string | No | The secure protocol for the SSL handshake. |
| ciphers | string | Yes (if SSL enabled) | The hyphenated list of acceptable ciphers. |
Example Scenario
- The system is secured with SSL. Thus, SSL needs to be enabled.
- For lab environments, it is permissible to just enable SSL and then accept invalid certificates.
- Note: This practice should only be used in labs.
- For production, you will want to provide other information.
- In this case, the CA file is in /root/mycafile.
- The secure protocol will be SSL 3.0.
- In this case, no ciphers are used.
IAP Service Instance Configuration Properties for the Adapter
```json
"ssl": {
  "ecdhCurve": "",
  "enabled": true,
  "accept_invalid_cert": false,
  "ca_file": "/root/mycafile",
  "key_file": "",
  "cert_file": "",
  "secure_protocol": "SSLv3_method",
  "ciphers": ""
}
```
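A pre-deployment check of the `ssl` object against the Required column of the property table, as an added example that is not part of IAP or the adapter libraries. The function name `lintSsl`, the finding strings, the list of deprecated protocol methods and the key/cert pairing rule are assumptions made here; the field names follow the configuration shown above.

```javascript
// Added example: lint an adapter "ssl" object against the property table.
// lintSsl and its messages are hypothetical helpers, not an IAP API.
const DEPRECATED_PROTOCOLS = new Set([
  'SSLv2_method', 'SSLv3_method', 'TLSv1_method', 'TLSv1_1_method',
]);

function lintSsl(ssl) {
  const findings = [];
  if (typeof ssl.enabled !== 'boolean') {
    return ['enabled: required boolean is missing'];
  }
  if (!ssl.enabled) return findings; // remaining rules apply only when SSL is on

  if (typeof ssl.accept_invalid_cert !== 'boolean') {
    findings.push('accept_invalid_cert: required when SSL is enabled');
  } else if (ssl.accept_invalid_cert) {
    findings.push('accept_invalid_cert: true skips certificate validation (lab only)');
  } else if (!ssl.ca_file) {
    findings.push('ca_file: required when invalid certificates are not accepted');
  }
  if (!ssl.ciphers) {
    findings.push('ciphers: required when SSL is enabled');
  }
  if (DEPRECATED_PROTOCOLS.has(ssl.secure_protocol)) {
    findings.push(`secure_protocol: ${ssl.secure_protocol} is a deprecated protocol version`);
  }
  // Assumption: a client key is only usable together with its certificate.
  if (Boolean(ssl.key_file) !== Boolean(ssl.cert_file)) {
    findings.push('key_file/cert_file: set both or neither');
  }
  return findings;
}

// The production configuration from the example scenario on this page.
const pageExample = {
  ecdhCurve: '',
  enabled: true,
  accept_invalid_cert: false,
  ca_file: '/root/mycafile',
  key_file: '',
  cert_file: '',
  secure_protocol: 'SSLv3_method',
  ciphers: '',
};

console.log(lintSsl(pageExample));
```

Run against the scenario's configuration, the check reports the empty `ciphers` value, which the table marks as required when SSL is enabled, and the SSL 3.0 protocol method.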