Poco::Net::Context

struct Params

Library: NetSSL_OpenSSL
Package: SSLCore
Header: Poco/Net/Context.h

Constructors

Params

Params();

Initializes the struct with default values.

Variables

caLocation

std::string caLocation;

Path to the file or directory containing the CA/root certificates. Can be empty if the OpenSSL builtin CA certificates are used (see loadDefaultCAs).

certificateFile

std::string certificateFile;

Path to the certificate file (in PEM format).

If the private key and the certificate are stored in the same file, this can be empty if privateKeyFile is given.

cipherList

std::string cipherList;

Specifies the supported ciphers in OpenSSL notation. Defaults to "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH".

dhParamsFile

std::string dhParamsFile;

Specifies a file containing Diffie-Hellman parameters. If empty, the default parameters are used.

dhUse2048Bits

bool dhUse2048Bits;

If set to true, uses the 2048-bit MODP Group with 256-bit Prime Order Subgroup (RFC 5114) instead of 1024-bit parameters for DH.

ecdhCurve

std::string ecdhCurve;

OpenSSL 1.0.1 and earlier:

Specifies the name of the curve to use for ECDH, based on the curve names specified in RFC 4492. Defaults to "prime256v1".

OpenSSL 1.0.2 to 1.1.0:

Specifies the colon-separated list of curves to be used for ECDH, based on the curve names defined by OpenSSL, such as "X448:X25519:P-521:P-384:P-256". Defaults to the subset supported by the OpenSSL version among the above.

OpenSSL 1.1.1 and above:

Specifies the colon-separated list of groups (some of which can be curves) to be used for ECDH and other TLSv1.3 ephemeral key negotiation, based on the group names defined by OpenSSL. Defaults to "X448:X25519:ffdhe4096:ffdhe3072:ffdhe2048:ffdhe6144:ffdhe8192:P-521:P-384:P-256".

loadDefaultCAs

bool loadDefaultCAs;

Specifies whether the builtin CA certificates from OpenSSL are used. Defaults to false.

ocspStaplingVerification

bool ocspStaplingVerification;

Specifies whether the client should verify the OCSP response. Defaults to false.

privateKeyFile

std::string privateKeyFile;

Path to the private key file used for encryption. Can be empty if no private key file is used.

securityLevel

SecurityLevel securityLevel;

Defines the minimal number of security bits allowed. Requires OpenSSL >= 1.1 to be effective.

verificationDepth

int verificationDepth;

Sets the upper limit for verification chain sizes. Verification will fail if a certificate chain larger than this is encountered. Defaults to 9.

verificationMode

VerificationMode verificationMode;

Specifies whether and how peer certificates are validated. Defaults to VERIFY_RELAXED.
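
Several of the fields above only make sense in combination (an empty caLocation with loadDefaultCAs left at false gives verification no trust anchors; an empty dhParamsFile with dhUse2048Bits false means 1024-bit DH). The following audit routine is an added example, not part of Poco: it checks those combinations and the cipherList string before a Context is built. Assumptions: ParamsView is a hypothetical stand-in for the documented fields so the code compiles without Poco, the dhUse2048Bits default is not stated on this page, and the required cipher exclusions are a local policy choice.

```cpp
#include <initializer_list>
#include <sstream>
#include <string>
#include <vector>

// Hypothetical stand-in for the documented fields; real code would read them
// from a Poco::Net::Context::Params instance.
enum VerificationMode { VERIFY_NONE, VERIFY_RELAXED, VERIFY_STRICT };

struct ParamsView {
    std::string caLocation;
    std::string cipherList = "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"; // documented default
    std::string dhParamsFile;
    bool dhUse2048Bits = false;   // default not stated on this page; assumed
    bool loadDefaultCAs = false;  // documented default
    VerificationMode verificationMode = VERIFY_RELAXED; // documented default
};

// True if the colon-separated OpenSSL cipher string contains the exact token.
static bool hasToken(const std::string& list, const std::string& token) {
    std::istringstream in(list);
    std::string item;
    while (std::getline(in, item, ':'))
        if (item == token) return true;
    return false;
}

// Returns one finding per weak setting; an empty vector means the policy passed.
std::vector<std::string> auditParams(const ParamsView& p) {
    std::vector<std::string> findings;
    if (p.verificationMode == VERIFY_NONE)
        findings.push_back("verificationMode: peer certificate is not validated");
    else if (p.caLocation.empty() && !p.loadDefaultCAs)
        findings.push_back("trust store: caLocation is empty and loadDefaultCAs is false");
    if (p.dhParamsFile.empty() && !p.dhUse2048Bits)
        findings.push_back("dhUse2048Bits: default DH parameters are 1024-bit");
    // Local policy (assumption): these exclusions must be spelled out explicitly.
    for (const char* required : {"!aNULL", "!RC4", "!3DES"})
        if (!hasToken(p.cipherList, required))
            findings.push_back(std::string("cipherList: missing ") + required);
    return findings;
}
```
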