Default configuration parameters

Default parameters

Parameters prefixed with Default set values that apply to every connection defined in the configuration, so you can configure multiple connections without repeating each setting. Each Default parameter has a default value that you can change. The same keywords, without the Default prefix, can also be set on an individual connection, and a value set on a connection applies only to that connection.
Table 1. Default parameter values

A three column table that provides the default values that all broker connections use if there are no additional connections defined.

Keyword                          Default Value                                                                                        Required
ServerURL                        <blank>                                                                                              Yes
ProxyURL                         <blank>                                                                                              No
DefaultPortToListen              <blank>                                                                                              Yes
DefaultBindTo                    0.0.0.0                                                                                              No
DefaultBindTo6                   ::                                                                                                   No
DefaultRetryDelay                45                                                                                                   No
DefaultKeepAlive                 900                                                                                                  No
DefaultTLSCertificateFile        server.pem                                                                                           No
DefaultTLSCertificatePassphrase  <blank>                                                                                              No
DefaultTLSCipherList             TLSv1.2:AES:!kECDH:!kDH:!RSA:!aNULL:!eNULL:!SRP:!PSK:!CAMELLIA:!3DES:!MD5:!RC4:!EXP:!DES:@STRENGTH   No
DefaultHTTPSCipherList           TLSv1.2:AES:!kECDH:!kDH:!RSA:!aNULL:!eNULL:!SRP:!PSK:!CAMELLIA:!3DES:!MD5:!RC4:!EXP:!DES:@STRENGTH   No
The default values can be used to set values for all connections. However, values that are set for specific connections override the default value for that connection.

Example 1: Using a default value

DefaultKeepAlive = 300

Inbound.1.ConnectionType = Inbound
Inbound.1.PortToListen = 8887

Broker.1.ConnectionType = Broker
Broker.1.DestinationAddress = broker1.example.com
Broker.1.DestinationPort = 8887

Broker.2.ConnectionType = Broker
Broker.2.DestinationAddress = broker2.example.com
Broker.2.DestinationPort = 8887
Broker.2.KeepAlive = 100

In this example, the DefaultKeepAlive value of 300 is used for the Inbound.1 connection and the Broker.1 connection. Setting the default parameter means that you do not need to add the property to each specific connection. However, the Broker.2 connection uses the KeepAlive value of 100 since the Broker.2.KeepAlive property is set. The specific connection value overrides the default value.

Example 2: Using specific values


Inbound.1.ConnectionType = Inbound
Inbound.1.PortToListen = 8887
Inbound.1.KeepAlive = 300

Broker.1.ConnectionType = Broker
Broker.1.DestinationAddress = broker1.example.com
Broker.1.DestinationPort = 8887
Broker.1.KeepAlive = 300

In this example, no DefaultKeepAlive value is set. A KeepAlive property value is set for each specific connection.

Required default parameters

Required parameters do not have a built-in default value. You must set them either as a Default parameter or within the configuration of each connection. When a required parameter is set in the connection parameters, that value overrides any Default value set for the same parameter.
Table 2. Required parameters values used

A three column table that provides values that are used for required parameters, depending on where the parameters are set.

Default parameter set   Connection parameter set   Value used
No                      No                         Not defined: a required parameter must be set in the configuration.
No                      Yes                        Connection parameter is used.
Yes                     No                         Default parameter is used.
Yes                     Yes                        Connection parameter is used.

Optional default parameters

Optional parameters have a built-in default value. If the parameter is set neither as a Default parameter nor within the connection parameters, the built-in default value is used. If the parameter is set as a Default parameter but not within the connection parameters, the Default parameter value is used by every connection that does not set it.
Table 3. Optional parameters

A three column table that provides the values that are used for optional parameters, depending on where the parameters are set.

Default parameter set   Connection parameter set   Value used
No                      No                         Built-in default value is used.
No                      Yes                        Connection parameter is used.
Yes                     No                         Default parameter is used.
Yes                     Yes                        Connection parameter is used.
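The precedence rules in Tables 2 and 3, applied to the configurations of Examples 1 and 2, as an added example. This is not the broker's own configuration parser; it assumes only what the page shows: a file of "Keyword = Value" lines, a shared value written Default<Keyword>, and a per-connection value written <Name>.<Keyword>. Which keywords apply to which connection type is not modelled; the required-parameter check is shown for an Inbound listener and its PortToListen. The configuration texts are constructed for the example.

```python
"""Resolve broker connection parameters with the precedence of Tables 2 and 3."""

# Built-in defaults from Table 1. None marks a required parameter, which has
# no built-in default; every other keyword is optional.
BUILTIN_DEFAULTS = {
    "PortToListen": None,
    "BindTo": "0.0.0.0",
    "BindTo6": "::",
    "RetryDelay": "45",
    "KeepAlive": "900",
    "TLSCertificateFile": "server.pem",
    "TLSCertificatePassphrase": "",
}

# Constructed configuration: Example 1 from the page (typo corrected).
EXAMPLE_1 = """
DefaultKeepAlive = 300

Inbound.1.ConnectionType = Inbound
Inbound.1.PortToListen = 8887

Broker.1.ConnectionType = Broker
Broker.1.DestinationAddress = broker1.example.com
Broker.1.DestinationPort = 8887

Broker.2.ConnectionType = Broker
Broker.2.DestinationAddress = broker2.example.com
Broker.2.DestinationPort = 8887
Broker.2.KeepAlive = 100
"""

# Constructed configuration that breaks the required-parameter rule: an Inbound
# listener with PortToListen set neither per connection nor as DefaultPortToListen.
MISSING_PORT = """
Inbound.2.ConnectionType = Inbound
Inbound.2.KeepAlive = 120
"""


class MissingRequiredParameter(ValueError):
    """A required parameter is set neither as a Default nor on the connection."""


def parse_config(text):
    """Parse 'Keyword = Value' lines into a dict; blank lines and # comments are skipped."""
    config = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError("malformed line: %r" % raw)
        config[key.strip()] = value.strip()
    return config


def connections(config):
    """Return the connection names: the prefixes of every <Name>.ConnectionType key."""
    suffix = ".ConnectionType"
    return sorted(k[: -len(suffix)] for k in config if k.endswith(suffix))


def resolve(config, name, keyword):
    """Return (value, source) for one keyword of one connection.

    Order of precedence: connection parameter, then Default parameter, then
    built-in default. A required parameter has no built-in default, so reaching
    the last step for it is an error (Table 2, first row).
    """
    if keyword not in BUILTIN_DEFAULTS:
        raise KeyError("unknown keyword %r" % keyword)
    specific = "%s.%s" % (name, keyword)
    if specific in config:
        return config[specific], "connection"
    shared = "Default" + keyword
    if shared in config:
        return config[shared], "default"
    builtin = BUILTIN_DEFAULTS[keyword]
    if builtin is None:
        raise MissingRequiredParameter(
            "%s requires %s: set %s or %s" % (name, keyword, specific, shared))
    return builtin, "built-in"


def effective_settings(config, name):
    """Return every optional keyword of a connection with its resolved value and source."""
    return {kw: resolve(config, name, kw)
            for kw, default in BUILTIN_DEFAULTS.items() if default is not None}


if __name__ == "__main__":
    cfg = parse_config(EXAMPLE_1)
    for conn in connections(cfg):
        print(conn, effective_settings(cfg, conn))
    try:
        resolve(parse_config(MISSING_PORT), "Inbound.2", "PortToListen")
    except MissingRequiredParameter as err:
        print("rejected:", err)
```

Running the script shows Inbound.1 and Broker.1 taking KeepAlive 300 from DefaultKeepAlive while Broker.2 keeps its own 100, RetryDelay falling back to the built-in 45 everywhere, and the second configuration being rejected because the required port is set nowhere.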

Parameter definitions

DefaultPortToListen
Defines the TCP port on which this broker listens for inbound connections. Endpoints must use this port to connect to the broker. Required parameter.
DefaultSourcePort
Defines the local port that outgoing connections are made from. Default is 0, which lets the operating system choose an ephemeral port. Optional parameter.
DefaultBindTo
Defines the IPv4 address that connections are bound to. For example:

Inbound.1.BindTo = 192.0.2.0

Default is 0.0.0.0, which binds to all IPv4 interfaces. Set a specific address to restrict the interface that the broker listens on. Optional parameter.
DefaultBindTo6
Defines the IPv6 address that connections are bound to. Default is ::, which binds to all IPv6 interfaces. Optional parameter.
DefaultRetryDelay
inbound connections
Defines the time in seconds between attempts to open the configured port for listening for incoming connections. Default is 45 seconds.
broker connections
Defines the time in seconds between attempts to establish or re-establish the control connection. Default is 45 seconds.
Optional parameter.
DefaultKeepAlive
Defines the time in seconds between keepalive requests. Default is 900 seconds. Optional parameter.
DefaultTLSCertificateFile
Filename or path to the TLS certificate for this broker. For more information on creating and managing broker certificates, see Certificate management. Default is server.pem.
DefaultTLSCertificatePassphrase
Password for the private key that is associated with the TLS certificate. For security purposes, the password is automatically encrypted when you start the broker. Optional parameter.
DefaultTLSCipherList and DefaultHTTPSCipherList
Use these configuration keywords to override the selection of cipher suites that can be used to secure network connections to or from a broker. A cipher suite is a combination of four cryptographic algorithms (authentication, key exchange, encryption, and message authentication) that are used together to create a secure communication channel. The algorithms are provided by a cryptographic module included with the broker. For compatibility with earlier versions, this module also includes algorithms that are now considered to offer little or no security. By default, the broker selects only cipher suites that offer strong security. You can override the default selection if necessary. This is normally not needed, but can be used, for example, to disable an algorithm against which a new cryptographic attack is discovered. The two keywords are independent: to change the selection for both TLS and HTTPS connections, set both. Before deploying a changed list, check what it expands to with openssl ciphers -v '<list>'. The syntax of the cipher list is documented on the OpenSSL website: http://www.openssl.org/docs/apps/ciphers.html#CIPHER_LIST_FORMAT

Default Cipher List

The default value shown in Table 1 is an OpenSSL cipher list. Its elements, in order, are:

TLSv1.2
Select the cipher suites introduced with TLS 1.2 (the AES-GCM and SHA-256/SHA-384 suites).
AES
Also select cipher suites that use AES encryption, including those from earlier TLS versions.
!kECDH
Permanently remove cipher suites that use fixed (static) ECDH key exchange.
!kDH
Permanently remove cipher suites that use fixed (static) DH key exchange.
!RSA
Permanently remove cipher suites that use RSA key transport for key exchange. Together with !kECDH and !kDH, this leaves only ephemeral Diffie-Hellman (DHE) and ephemeral elliptic-curve Diffie-Hellman (ECDHE) key exchange, which provide forward secrecy.
!aNULL
Permanently remove all cipher suites without authentication.
!eNULL
Permanently remove all cipher suites without encryption.
!SRP, !PSK
Permanently remove cipher suites that authenticate with SRP or pre-shared keys instead of certificates.
!CAMELLIA, !3DES, !MD5, !RC4, !EXP, !DES
Permanently remove cipher suites that use Camellia, triple DES, MD5, RC4, export-grade key lengths, or single DES.
@STRENGTH
Sort the remaining cipher suites by encryption key length, strongest first.

A suite removed with ! stays removed even if a later element of the list would otherwise select it again.
Note: The broker supports only TLS. Support for SSLv2 and SSLv3 is disabled because of known vulnerabilities in those protocol versions, even if you include SSLv2 or SSLv3 in the cipher list.

Types of cryptographic algorithms

Authentication
Verify the identity of the client or server by using digital certificates.
Key Exchange
Establish shared secrets to be used as encryption keys and message authentication keys for the session.
Encryption
Protects the session data from being accessed by unauthorized entities.
Message authentication
Protects the session data from being tampered with.
With the default cipher list, the cipher suites that remain use the following algorithms. The exact set of suites depends on the version of OpenSSL that is included with the broker component.
Encryption
  • AES with a 256-bit key
  • AES with a 128-bit key
  (in CBC mode, or in GCM mode for the TLS 1.2 suites)
Authentication
  • RSA
  • DSA
  • ECDSA
Key Exchange
  • Ephemeral Diffie-Hellman (DHE)
  • Ephemeral elliptic-curve Diffie-Hellman (ECDHE)
Message Authentication
  • HMAC with SHA-1, SHA-256, or SHA-384
  • AEAD (GCM), where encryption and message authentication are combined
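To see what the default cipher list actually enables on a given OpenSSL build, and to check an override before putting it in DefaultTLSCipherList or DefaultHTTPSCipherList, the following added example (not part of the broker or this page) expands a cipher-list string through the OpenSSL linked into Python's ssl module and audits each resulting suite for the properties the default list is meant to guarantee: no static RSA key exchange, no unauthenticated suites, none of the explicitly excluded ciphers, no MD5, nothing below 128 bits. The field names (kea, auth, symmetric, digest) are those returned by SSLContext.get_ciphers(); the "weak" list used for comparison is constructed for the example.

```python
"""Expand an OpenSSL cipher list and audit the suites it selects."""
import ssl

# DefaultTLSCipherList / DefaultHTTPSCipherList value from Table 1.
BROKER_DEFAULT = ("TLSv1.2:AES:!kECDH:!kDH:!RSA:!aNULL:!eNULL:!SRP:!PSK:!CAMELLIA:"
                  "!3DES:!MD5:!RC4:!EXP:!DES:@STRENGTH")

# A deliberately permissive list, constructed here only for comparison.
PERMISSIVE = "ALL"

# Symmetric algorithms the default list excludes by name. "des" also matches
# triple DES, which OpenSSL reports as des-ede3-cbc.
EXCLUDED_CIPHERS = ("rc4", "des", "camellia")


def expand(cipher_list):
    """Return the TLS 1.2-and-earlier suites that OpenSSL selects for cipher_list.

    TLS 1.3 suites are configured through a separate OpenSSL API and appear in
    get_ciphers() regardless of the string, so they are filtered out here.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_list)            # raises ssl.SSLError if nothing matches
    return [c for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def audit(cipher_list):
    """Return the selected suite names plus per-property lists of offending suites."""
    suites = expand(cipher_list)
    findings = {
        "static_rsa_key_exchange": [],     # kx-rsa: no forward secrecy
        "unauthenticated": [],             # auth-null: anonymous DH/ECDH
        "excluded_cipher": [],             # RC4, DES, 3DES, Camellia
        "md5_mac": [],
        "below_128_bits": [],
    }
    for c in suites:
        name = c["name"]
        kea = (c["kea"] or "").lower()         # e.g. 'kx-ecdhe', 'kx-rsa'
        auth = (c["auth"] or "").lower()       # e.g. 'auth-rsa', 'auth-null'
        sym = (c["symmetric"] or "").lower()   # e.g. 'aes-256-gcm'
        digest = (c["digest"] or "").lower()   # empty for AEAD suites
        if kea == "kx-rsa":
            findings["static_rsa_key_exchange"].append(name)
        if auth == "auth-null":
            findings["unauthenticated"].append(name)
        if any(bad in sym for bad in EXCLUDED_CIPHERS):
            findings["excluded_cipher"].append(name)
        if digest == "md5":
            findings["md5_mac"].append(name)
        if c["strength_bits"] < 128:
            findings["below_128_bits"].append(name)
    return {"suites": [c["name"] for c in suites], "findings": findings}


def is_clean(cipher_list):
    """True when no suite selected by cipher_list trips any of the audit checks."""
    return not any(audit(cipher_list)["findings"].values())


if __name__ == "__main__":
    for label, cipher_list in (("broker default", BROKER_DEFAULT), ("permissive", PERMISSIVE)):
        report = audit(cipher_list)
        print("%s: %d suites, clean=%s" % (label, len(report["suites"]), is_clean(cipher_list)))
        for check, offenders in report["findings"].items():
            if offenders:
                print("  %s: %s" % (check, ", ".join(offenders)))
```

The report for the broker default shows only ECDHE and DHE suites with certificate authentication, which is what the !kECDH:!kDH:!RSA:!aNULL elements are there to enforce; the permissive list shows, on most builds, static-RSA and anonymous suites among its findings. The same audit applied to a proposed override tells you before deployment whether it reopened any of those classes.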