Client Common Command Setting Items

Setting Item List
The common setting items for the client commands are listed below.
System Operating Environment Settings, Transmission Method Related
Description | Configuration Name |
---|---|
Protocol version (fixed to 2) | ProtocolVersion |
WSS options | WSSOptions |
WSS TLS 1.3 Cipher Suites | WSSCipherSuites |
WSS TLS 1.2 or earlier Cipher Suites | WSSCipherList |
Communication Data Compression Function
Description | Configuration Name |
---|---|
Compress level | CompressLevel |
Header compression | HeaderCompress |
Content compression | ContentCompress |
Data Flow Control, Bandwidth Control
Description | Configuration Name |
---|---|
Max receiving rate (by session) | MaxReceiveRate |
Max sending rate (by session) | MaxSendRate |
Data Flow Control, File Lock Function
Description | Configuration Name |
---|---|
Use file lock | FileLock |
Number of trials to lock files | FileLockTrials |
The trial interval (in seconds) | FileLockTrialInterval |
Data Flow Control, Data Buffer Setting
Description | Configuration Name |
---|---|
Maximum buffer allocation size | MaxBufferSize |
HpFP transport buffer size extension | UDPTransportExtensionBufferSize |
TCP sending buffer | TCPTransportSocketSendBuffer |
Data Flow Control, Transfer File Size Control
Description | Configuration Name |
---|---|
Maximum receiving file size | MaxReceiveFileSize |
Maximum sending file size | MaxSendFileSize |
Data Flow Control, Message Data Size Control
Description | Configuration Name |
---|---|
Initial header block size | InitHeaderBlockSize |
Initial content block size | InitContentBlockSize |
Maximum header block size | MaxHeaderBlockSize |
Maximum content block size | MaxContentBlockSize |
Max file entry request | MaxRequestFileEntryAtOnce |
Code Transformation, Communication Encoding Negotiation
Description | Configuration Name |
---|---|
Transport character encoding | TransportCharEncoding |
Code Transformation, Host Character Encoding
Description | Configuration Name |
---|---|
Host character encoding | HostEncoding |
Authentication
Description | Configuration Name |
---|---|
LPA (Local Password Authentication) authentication | LocalPasswordAuthentication |
PAM (Pluggable Authentication Module) authentication | PAMAuthentication |
RSA (Rivest-Shamir-Adleman cryptosystem) authentication | PubkeyAuthentication |
Windows authentication | WinLogonUserAuthentication |
Specify directory for searching private keys (RSA auth) | PrivateKeySearchDir |
Specify file for finding a private key (RSA auth) | PrivateKeyFile |
Configure priority of RSA authentication | PubkeyAuthenticationPrior |
Encryption
Description | Configuration Name |
---|---|
Encryption method for message communication | AcceptableCryptMethod |
Digest method for validation of message and file data | AcceptableDigestMethod |
Disable MAC (Message Authentication Code) or not | DisableDataIntegrityChecking |
Whether to accept the server's rejection of disabling MAC | AcceptDataIntegrityCheckingOnRejection |
Security Negotiation by Encryption Communications
Description | Configuration Name |
---|---|
Set requirement of the server certificate security to servers | RequireServerCertificateSecurity |
Disable fallback into communication without the security or not | RejectFallbackServerCertificateSecurity |
Ignore the common name of the server certificate in its validation | IgnoreCertificateCNInvalid |
Ignore fields of NotBefore and NotAfter of the certificate in its validation | IgnoreCertificateDateInvalid |
Ignore validation of CA certificate and intermediates of the certificate | IgnoreUnknownCA |
Ignore validation of CRL for the certificate | IgnoreRevocation |
Same as IgnoreCertificateCNInvalid on Web Socket SSL/TLS | WSSIgnoreCertificateCNInvalid |
Same as IgnoreCertificateDateInvalid on Web Socket SSL/TLS | WSSIgnoreCertificateDateInvalid |
Same as IgnoreUnknownCA on Web Socket SSL/TLS | WSSIgnoreUnknownCA |
Same as IgnoreRevocation on Web Socket SSL/TLS (Reserved) | WSSIgnoreRevocation |
File path where CA certificates and intermediates are saved | CACertificateFile |
Directory path where files including CA certificates and intermediates are saved (Reserved) | CACertificatePath |
File path where CRL are saved | CARevocationFile |
Directory path where files including CRL are saved (Reserved) | CARevocationPath |
Same as CACertificateFile on Web Socket SSL/TLS | WSSCACertificateFile |
Enable OCSP (Online Certificate Status Protocol) or not | OCSPRevocationEnabled |
Server host key's acceptance policy configuration | StrictHostKeyChecking |
Various Monitoring, Timeout Control
Description | Configuration Name |
---|---|
Set transport timeout | TransportTimeout |
Log Management
Description | Configuration Name |
---|---|
Application log configuration | ApplicationLog |
Application log level | ApplicationLogLevel |
Application statistics configuration | ApplicationStatLog |
Transport statistics configuration | TransportStatLog |
Set to output a security detail on application statistics | ApplicationStatLogSecurityEx |
System Operating Environment Settings, CPU Thread Control
Description | Configuration Name |
---|---|
Limit number of threads to use (Linux) | MaxConcurrentThread |

System Operating Environment Settings, Transmission Method Related

WSSOptions
=========================================================================
Supported OS : Linux / Windows
Format : WSSOptions <opt_value>
-------------------------------------------------------------------------
opt_value
Format : ( NONE | <openssl_opt_values> )
Default : NONE
Range of Values : list of SSL/TLS option names defined by OpenSSL
=========================================================================

This option specifies the SSL/TLS options of OpenSSL that will be used for SSL/TLS communication. Please use the names described at the following URL.
SSL_CTX_set_options: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_options.html

--
Example :
WSSOptions SSL_OP_NO_COMPRESSION:SSL_OP_NO_SSLv3
--

WSSCipherSuites
=========================================================================
Supported OS : Linux / Windows
Format : WSSCipherSuites <cs_value>
-------------------------------------------------------------------------
cs_value
Format : ( NONE | <openssl_cipher_suite_values> )
Default : NONE
Range of Values : list of Cipher Suites parameters defined by OpenSSL
=========================================================================

This option specifies the Cipher Suites parameters of OpenSSL that will be used for TLS v1.3 communication. Please use the names described at the following URL.
ciphers: https://www.openssl.org/docs/man1.1.1/man1/ciphers.html
Use the cipher suite names defined under "TLS v1.3 cipher suites".

--
Example :
WSSCipherSuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
--

WSSCipherList
=========================================================================
Supported OS : Linux / Windows
Format : WSSCipherList <clist_value>
-------------------------------------------------------------------------
clist_value
Format : ( NONE | <openssl_cipher_list> )
Default : NONE
Range of Values : Cipher List parameters defined by OpenSSL
=========================================================================

This option specifies the Cipher List parameters of OpenSSL that will be used for SSL/TLS communication at TLS 1.2 or earlier. Please use the names described at the following URL.
ciphers: https://www.openssl.org/docs/man1.1.1/man1/ciphers.html
Use a cipher list in the format defined under "CIPHER LIST FORMAT" and "CIPHER STRINGS".

--
Example :
WSSCipherList RC4-MD5:RC4-SHA:AES128-SHA:AES256-SHA:HIGH:!DSS:!aNULL
--

Communication Data Compression Function

CompressLevel
=========================================================================
Supported OS : Linux / Windows
Format : CompressLevel <compress-level>
-------------------------------------------------------------------------
compress-level
Default : -1
Range of Values : -1, 0 - 9
=========================================================================

Sets the compression level of the transmitted messages.

--
Example :
CompressLevel 9
--

When -1 is set, compression level 6 is chosen.
When 0 is set, no compression is performed.

HeaderCompress
=========================================================================
Supported OS : Linux / Windows
Format : HeaderCompress <flag-available>
-------------------------------------------------------------------------
flag-available
Default : yes
Range of Values : yes, no
=========================================================================

Configures compression of header information such as file requests.

--
Example :
HeaderCompress no
--

ContentCompress
=========================================================================
Supported OS : Linux / Windows
Format : ContentCompress <flag-available>
-------------------------------------------------------------------------
flag-available
Default : yes
Range of Values : yes, no
=========================================================================

Configures compression of file data, that is, the data blocks created from the files.

--
Example :
ContentCompress no
--

Data Flow Control, Bandwidth Control

MaxReceiveRate
=========================================================================
Supported OS : Linux / Windows
Format : MaxReceiveRate <bandwidth>
-------------------------------------------------------------------------
bandwidth
Default : 10Gbit
Range of Values : unsigned double-length integer
=========================================================================

Sets the shaping of the receiving bandwidth on the transport (per connection).

--
Example :
MaxReceiveRate 1Gbit
--

MaxSendRate
=========================================================================
Supported OS : Linux / Windows
Format : MaxSendRate <bandwidth>
-------------------------------------------------------------------------
bandwidth
Default : 10Gbit
Range of Values : unsigned double-length integer
=========================================================================

Sets the shaping of the sending bandwidth on the transport (per connection).

--
Example :
MaxSendRate 1Gbit
--

Data Flow Control, File Lock Function

FileLock
Refer to the hcpd configurations.

FileLockTrials
Refer to the hcpd configurations.

FileLockTrialInterval
Refer to the hcpd configurations.

Data Flow Control, Data Buffer Setting

MaxBufferSize
=========================================================================
Supported OS : Linux / Windows
Format : MaxBufferSize <max-buf-size>
-------------------------------------------------------------------------
max-buf-size
Default : 1GB
Range of Values : unsigned double-length integer
=========================================================================

Sets the maximum memory buffer size allowed for processing data.

--
Example :
MaxBufferSize 1GB
--

UDPTransportExtensionBufferSize
=========================================================================
Supported OS : Linux / Windows
Format : UDPTransportExtensionBufferSize <ext-buf-size>
-------------------------------------------------------------------------
ext-buf-size
Default : 2GB
Range of Values : unsigned double-length integer (byte)
=========================================================================

Sets the extended buffer size for HpFP (UDP) transport.
In HpFP sessions, the buffer size for transmission can be extended up to the size specified in “hpfp_sndbuf” or “hpfp_rcvbuf” of “UDPListenAddress”, adjusting to delays, packet losses or an increase in traffic. The total extended buffer is limited to the value specified here.
When “0”, the total buffer size is not controlled.
The default buffer size (before extension) is 1MB.

--
Example :
UDPTransportExtensionBufferSize 4GB
--

TCPTransportSocketSendBuffer
=========================================================================
Supported OS : Linux / Windows
Format : TCPTransportSocketSendBuffer <snd-buf-size>
-------------------------------------------------------------------------
snd-buf-size
Format : <decimal_number>[[(T|G|M|K)]B]
Default : 0
Range of Values : unsigned double-length integer (byte)
=========================================================================

Specifies the TCP sending buffer size in bytes. 0 means that this option is not specified.
This option is needed for TCP performance tuning in 100G environments. It is not needed in ordinary cases.

--
Example :
TCPTransportSocketSendBuffer 128MB
--

Data Flow Control, Transfer File Size Control

MaxReceiveFileSize
=========================================================================
Supported OS : Linux / Windows
Format : MaxReceiveFileSize <file-size>
-------------------------------------------------------------------------
file-size
Default : 8EB - 1B (Unlimited. The maximum value of signed double-length integer)
Range of Values : signed double-length integer
=========================================================================

Sets the maximum size of a file that may be received.

--
Example :
MaxReceiveFileSize 1GB
--

MaxSendFileSize
=========================================================================
Supported OS : Linux / Windows
Format : MaxSendFileSize <file-size>
-------------------------------------------------------------------------
file-size
Default : 8EB - 1B (Unlimited. The maximum value of signed double-length integer)
Range of Values : signed double-length integer
=========================================================================

Sets the maximum size of a file that may be sent.

--
Example :
MaxSendFileSize 1GB
--

Data Flow Control, Message Data Size Control

InitHeaderBlockSize
=========================================================================
Supported OS : Linux / Windows
Format : InitHeaderBlockSize <block-size>
-------------------------------------------------------------------------
block-size
Default : 50KB
Range of Values : unsigned double-length integer
=========================================================================

Sets the initial header block size.

--
Example :
InitHeaderBlockSize 10KB
--

This is the maximum size allowed when creating a header block, which holds several messages such as file requests. This option applies right after the communication starts.

InitContentBlockSize
=========================================================================
Supported OS : Linux / Windows
Format : InitContentBlockSize <block-size>
-------------------------------------------------------------------------
block-size
Default : 1MB
Range of Values : unsigned double-length integer
=========================================================================

Sets the initial content block size.

--
Example :
InitContentBlockSize 2MB
--

This is the maximum size allowed when creating a content block, which holds data from several files. This option applies right after the communication starts.

MaxHeaderBlockSize
=========================================================================
Supported OS : Linux / Windows
Format : MaxHeaderBlockSize <block-size>
-------------------------------------------------------------------------
block-size
Default : 50KB
Range of Values : unsigned double-length integer
=========================================================================

Sets the maximum size to which the header block can be extended.

--
Example :
MaxHeaderBlockSize 100KB
--

Once the transmission starts, the variable header block size is increased or decreased according to the measured bandwidth consumption. This option sets the upper limit to which the header block size can grow.

MaxContentBlockSize
=========================================================================
Supported OS : Linux / Windows
Format : MaxContentBlockSize <block-size>
-------------------------------------------------------------------------
block-size
Default : 1MB
Range of Values : unsigned double-length integer
=========================================================================

Sets the maximum size to which the content block can be extended.
When performance reaches a ceiling, for example in environments over 10Gbps, changing this value along with “InitContentBlockSize” may improve performance.

--
Example :
MaxContentBlockSize 4MB
--

Once the transmission starts, the variable content block size is increased or decreased according to the measured bandwidth consumption. This option sets the upper limit to which the content block size can grow.

MaxRequestFileEntryAtOnce
=========================================================================
Supported OS : Linux / Windows
Format : MaxRequestFileEntryAtOnce <max-file-req-at-once>
-------------------------------------------------------------------------
max-file-req-at-once
Default : 50
Range of Values : signed integer
=========================================================================

Sets the maximum number of file requests that may be sent simultaneously.

--
Example :
MaxRequestFileEntryAtOnce 1000
--

Code Transformation, Communication Encoding Negotiation

TransportCharEncoding
=========================================================================
Supported OS : Linux / Windows
Format : TransportCharEncoding <encodings>
-------------------------------------------------------------------------
encodings
Format : <encoding>[ ...]
Default : UTF8
-------------------------------------------------------------------------
encoding
Range of Values : US-ASCII, UTF8, UTF16, UTF32
=========================================================================

Configures the string encoding method used in the transport.

--
Example :
TransportCharEncoding UTF8 UTF16 US-ASCII
--

It is used to exchange strings, such as file paths, with the server. The encoding is chosen to match the server configuration.

Code Transformation, Host Character Encoding

HostEncoding
=========================================================================
Supported OS : Linux / Windows
Format : HostEncoding <encoding>
-------------------------------------------------------------------------
encoding
Default : UTF-8 (Linux) CP932 (Windows)
Range of Values : encoding name supported by system and encoding conversion library (platform-dependent).
=========================================================================

Configures the string encoding for the host.

--
Example :
HostEncoding EUC-JP
--

Authentication

LocalPasswordAuthentication
=========================================================================
Supported OS : Linux / Windows
Format : LocalPasswordAuthentication <flag-available>
-------------------------------------------------------------------------
flag-available
Default : yes
Range of Values : yes, no
=========================================================================

Enables or disables LPA authentication. When “no”, LPA authentication is not performed even if the server requests it.

--
Example :
LocalPasswordAuthentication no
--

PAMAuthentication
=========================================================================
Supported OS : Linux / Windows
Format : PAMAuthentication <flag-available>
-------------------------------------------------------------------------
flag-available
Default : yes
Range of Values : yes, no
=========================================================================

Enables or disables PAM authentication. When “no”, PAM authentication is not performed even if the server requests it.

--
Example :
PAMAuthentication no
--

PubkeyAuthentication
=========================================================================
Supported OS : Linux / Windows
Format : PubkeyAuthentication <flag-available>
-------------------------------------------------------------------------
flag-available
Default : yes
Range of Values : yes, no
=========================================================================

Enables or disables RSA authentication. When “no”, RSA authentication is not performed even if the server requests it.

--
Example :
PubkeyAuthentication no
--

WinLogonUserAuthentication
=========================================================================
Supported OS : Linux / Windows
Format : WinLogonUserAuthentication <flag-available>
-------------------------------------------------------------------------
flag-available
Default : yes
Range of Values : yes, no
=========================================================================

Enables or disables Windows authentication. When “no”, Windows authentication is not performed even if the server requests it.

--
Example :
WinLogonUserAuthentication no
--

PrivateKeySearchDir
=========================================================================
Supported OS : Linux / Windows
Format : PrivateKeySearchDir <flag-available>
-------------------------------------------------------------------------
flag-available
Default : /etc/hcp/keys (Linux) C:/ProgramData/Clealink/HCP Tools/keys (Windows)
Range of Values : path string of file system
=========================================================================

Configures the directory that is searched to find the user private key for RSA authentication.

--
Example :
PrivateKeySearchDir /etc/hcp/keys
--

A file with the following name is searched for in the specified directory as the file that stores the private key.
<user name>.key
This user name is the local computer user name, not the user name on the destination server (the one specified by the -u option or entered at the login prompt). If the local computer user name differs from the server user name, make sure to use the local user name.
When a file named after the user name with one of the following extensions exists in the same directory as the private key, that file is regarded as the client certificate and is authenticated.
- crt
- cer
The private key supports the PEM, OpenSSH, and PuTTY (v2 and v3) formats. The certificate supports the PEM format.

PrivateKeyFile
=========================================================================
Supported OS : Linux / Windows
Format : PrivateKeyFile <file-path>
-------------------------------------------------------------------------
file-path
Default : ~/.hcp/id_rsa (Linux) ~/_hcp/id_rsa (Windows)
Range of Values : the file path which includes the user directory with a tilde (~)
=========================================================================

Configures the path of the key file in the user home directory that is used to find the user private key for RSA authentication.

--
Example :
PrivateKeyFile ~/.hcp/id_rsa
--

When both the specified file and a file of the same name with one of the following suffixes exist, the latter is regarded as the client certificate and is authenticated.
- crt
- cer
The private key supports the PEM, OpenSSH, and PuTTY (v2 and v3) formats. The certificate supports the PEM format.
The tokens %%, %d, %i, %r and %u are available, as defined under TOKENS in the following ssh_config manual page.
TOKENS - IdentityFile: https://man7.org/linux/man-pages/man5/ssh_config.5.html

PubkeyAuthenticationPrior
=========================================================================
Supported OS : Linux / Windows
Format : PubkeyAuthenticationPrior <flag-available>
-------------------------------------------------------------------------
flag-available
Default : yes
Range of Values : yes, no
=========================================================================

Sets whether RSA authentication (public key authentication) takes priority.
When “yes”, the client first searches for and loads the RSA key. If the key is encrypted, the password to decrypt it is requested (not supported on the Windows versions). The first successfully loaded RSA key is used for authentication (the others are ignored). When loading the RSA key is not successful, password authentication is tried.
When “no”, conventional authentication takes place. If the password is missing, the user is asked to enter it, and all authentication methods are tried.

--
Example :
PubkeyAuthenticationPrior no
--

Encryption

AcceptableCryptMethod
=========================================================================
Supported OS : Linux / Windows
Format : AcceptableCryptMethod <method-names>
-------------------------------------------------------------------------
method-names
Format : <method-name>[ ...]
Default : AES256/GCM AES256/CTR/VMAC AES256/CBC AES128/CBC
-------------------------------------------------------------------------
method-name
Range of Values : PLAIN, AES128/CBC, AES192/CBC, AES256/CBC, AES128/CBC/HMAC,
AES192/CBC/HMAC, AES256/CBC/HMAC, AES128/CBC/VMAC, AES192/CBC/VMAC,
AES256/CBC/VMAC, AES128/CBC/VMAC64, AES192/CBC/VMAC64, AES256/CBC/VMAC64,
AES128/CTR/HMAC, AES192/CTR/HMAC, AES256/CTR/HMAC, AES128/CTR/VMAC,
AES192/CTR/VMAC, AES256/CTR/VMAC, AES128/CTR/VMAC64, AES192/CTR/VMAC64,
AES256/CTR/VMAC64, AES128/GCM, AES192/GCM, AES256/GCM
=========================================================================

Configures the cryptographic algorithm.
When AES128/CBC is specified, it is interpreted as AES128/CBC/HMAC (they are the same algorithm; the same applies to AES192/CBC and AES256/CBC).
When communicating with a host whose version does not support the newer algorithms, such as CTR/GCM mode and VMAC mode, the algorithms that the other host does not support are ignored in the connection negotiation. The communication does not fail with an error because of this.
CTR/VMAC or GCM, e.g. AES256/GCM or AES256/CTR/VMAC, is recommended on networks over 1Gbps. Encrypted communication using CBC or HMAC, e.g. AES256/CTR/HMAC or AES256/CBC/HMAC, may generally become a performance bottleneck on networks over 1Gbps. VMAC64 checks data integrity with 64 bits, fewer than the 128 bits of VMAC mode, which gives better performance but weaker data integrity protection.

--
Example :
AcceptableCryptMethod AES256/CBC PLAIN
--

It is used to encrypt the messages communicated with the server. The algorithm is chosen to match the server configuration.

AcceptableDigestMethod
=========================================================================
Supported OS : Linux / Windows
Format : AcceptableDigestMethod <method-names>
-------------------------------------------------------------------------
method-names
Format : <method-name>[ ...]
Default : XXH3 MM128 SHA256 SHA160
-------------------------------------------------------------------------
method-name
Range of Values : NONE, SHA160, SHA224, SHA256, SHA384, SHA512, MD5, MM32, MM128,
XXH3, XXH128, XXH64, XXH32
=========================================================================

Configures the digest algorithm for data communication and for verification of transferred files.

--
Example :
AcceptableDigestMethod SHA256 MM128 NONE
--

It is used to verify the messages, files, and data blocks communicated with the server. The algorithm is chosen to match the server configuration.
For encrypted communication using HMAC, such as AES256/CBC/HMAC, the algorithms other than the security digest algorithms (MD5, MM32, MM128, XXH3, XXH128, XXH64, XXH32) are treated as if nothing were configured.
MM32 and MM128 are deprecated. Please use XXH3 instead.

DisableDataIntegrityChecking
=========================================================================
Supported OS : Linux / Windows
Format : DisableDataIntegrityChecking <flag-available>
-------------------------------------------------------------------------
flag-available
Default : no
Range of Values : yes, no
=========================================================================

This setting specifies whether to request the server to skip data integrity checking by MAC in encrypted communications with the server.
When “yes”, encrypted communication is allowed to proceed without data integrity checking as long as the server permits it. If the server denies the request, the behavior follows the “AcceptDataIntegrityCheckingOnRejection” setting below.
In normal use, “no” (default) is recommended. Note that data integrity checking is not performed when this is set to “yes”; that value is intended only for improving the performance of encrypted communication.

--
Example :
DisableDataIntegrityChecking yes
--

AcceptDataIntegrityCheckingOnRejection
=========================================================================
Supported OS : Linux / Windows
Format : AcceptDataIntegrityCheckingOnRejection <flag-available>
-------------------------------------------------------------------------
flag-available
Default : yes
Range of Values : yes, no
=========================================================================

This setting specifies whether to continue transmitting when the server denies the request to skip data integrity checking by MAC in encrypted communications.
When “yes”, the client continues transmitting with data integrity checking; when “no”, it stops transmitting and quits the application.

--
Example :
AcceptDataIntegrityCheckingOnRejection no
--

Security Negotiation by Encryption Communications

RequireServerCertificateSecurity
=========================================================================
Supported OS : Linux / Windows
Format : RequireServerCertificateSecurity <flag-available>
-------------------------------------------------------------------------
flag-available
Default : yes
Range of Values : yes, no
=========================================================================

Sets whether secure communication using the server certificate security function is required. When “yes” and this function is not enabled on the host, the connection is denied.

--
Example :
RequireServerCertificateSecurity no
--

RejectFallbackServerCertificateSecurity
=========================================================================
Supported OS : Linux / Windows
Format : RejectFallbackServerCertificateSecurity <flag-available>
-------------------------------------------------------------------------
flag-available
Default : yes
Range of Values : yes, no
=========================================================================

When secure communication using the server certificate security function cannot be established, fallback to unsafe communication is rejected.

--
Example :
RejectFallbackServerCertificateSecurity no
--

IgnoreCertificateCNInvalid
=========================================================================
Supported OS : Linux / Windows
Format : IgnoreCertificateCNInvalid <flag-available>
-------------------------------------------------------------------------
flag-available
Default : no
Range of Values : yes, no
=========================================================================

Sets whether to skip the check of the server certificate common name. When “yes”, the check of the server certificate common name against the IP address or FQDN of the server is omitted.

--
Example :
IgnoreCertificateCNInvalid yes
--

IgnoreCertificateDateInvalid
=========================================================================
Supported OS : Linux / Windows
Format : IgnoreCertificateDateInvalid <flag-available>
-------------------------------------------------------------------------
flag-available
Default : no
Range of Values : yes, no
=========================================================================

Sets whether to skip the check of the server certificate expiration. When “yes”, the expiration of the server certificate is not checked.

--
Example :
IgnoreCertificateDateInvalid yes
--

IgnoreUnknownCA
=========================================================================
Supported OS : Linux / Windows
Format : IgnoreUnknownCA <flag-available>
-------------------------------------------------------------------------
flag-available
Default : no
Range of Values : yes, no
=========================================================================

Sets whether to skip the check of CA certificates. When “yes”, the intermediate certificate and the root certificate of the server certificate are not checked.

--
Example :
IgnoreUnknownCA yes
--

IgnoreRevocation
=========================================================================
Supported OS : Linux / Windows
Format : IgnoreRevocation <flag-available>
-------------------------------------------------------------------------
flag-available
Default : no
Range of Values : yes, no
=========================================================================

Sets whether to skip the certificate revocation check. When “yes”, certificate revocation is not checked.

--
Example :
IgnoreRevocation yes
--

WSSIgnoreCertificateCNInvalid
=========================================================================
Supported OS : Linux / Windows
Format : WSSIgnoreCertificateCNInvalid <flag-available>
-------------------------------------------------------------------------
flag-available
Default : no
Range of Values : yes, no
=========================================================================
This option disables validation of the common name of server certificates sent to the client during communication over WebSocket with SSL/TLS. When yes is set, the WebSocket function does not verify that the common name on the received certificate is identical to the FQDN or IP address specified as the server.
--
Example :
WSSIgnoreCertificateCNInvalid yes
--

WSSIgnoreCertificateDateInvalid
=========================================================================
Supported OS : Linux / Windows
Format : WSSIgnoreCertificateDateInvalid <flag-available>
-------------------------------------------------------------------------
flag-available
Default : no
Range of Values : yes, no
=========================================================================
This option disables validation of the expiration of server certificates sent to the client during communication over WebSocket with SSL/TLS. When yes is set, the WebSocket function does not verify that NotBefore and NotAfter on the received certificate are consistent with the current date and time.
--
Example :
WSSIgnoreCertificateDateInvalid yes
--

WSSIgnoreUnknownCA
=========================================================================
Supported OS : Linux / Windows
Format : WSSIgnoreUnknownCA <flag-available>
-------------------------------------------------------------------------
flag-available
Default : no
Range of Values : yes, no
=========================================================================
This option disables validation of the CA certificates bound to server certificates sent to the client during communication over WebSocket with SSL/TLS. When yes is set, the WebSocket function does not verify that the CA root certificate and intermediate certificates bound to the server certificate are available.
--
Example :
WSSIgnoreUnknownCA yes
--

CACertificateFile
=========================================================================
Supported OS : Linux / Windows
Format : CACertificateFile <file-path>
-------------------------------------------------------------------------
file-path
Default : /etc/hcp/cacert.pem (Linux)
          C:/ProgramData/Clealink/HCP Tools/cacert.pem (Windows)
Range of Values : path string of file system
=========================================================================
Specifies the file path of the CA certificate for the server certificate.
--
Example :
CACertificateFile /etc/hcp/cacert.pem
--
Certificates in PEM format are supported.

CACertificatePath (reserved)
=========================================================================
Supported OS : Linux / Windows
Format : CACertificatePath <dir-path>
-------------------------------------------------------------------------
dir-path
Default : yes
          /etc/ssl (Linux)
          C:/ProgramData/Clealink/HCP Tools/ssl (Windows)
          /usr/local/etc/ssl (Mac)
Range of Values : path string of file system
=========================================================================
Specifies the directory path of the CA certificate for the server certificate.
--
Example :
CACertificatePath /etc/ssl
--
Certificates in PEM format are supported.

CARevocationFile
=========================================================================
Supported OS : Linux / Windows
Format : CARevocationFile <file-path>
-------------------------------------------------------------------------
file-path
Default : yes
          /etc/hcp/crl.pem (Linux)
          C:/ProgramData/Clealink/HCP Tools/crl.pem (Windows)
Range of Values : path string of file system
=========================================================================
Specifies the file that stores the certificate revocation list (CRL) for the server certificate.
--
Example :
CARevocationFile /etc/hcp/crl.pem
--
Certificate revocation lists (CRL) in PEM format are supported.

CARevocationPath (reserved)
=========================================================================
Supported OS : Linux / Windows
Format : CARevocationPath <dir-path>
-------------------------------------------------------------------------
dir-path
Default : yes
          /etc/ssl (Linux)
          C:/ProgramData/Clealink/HCP Tools/ssl (Windows)
Range of Values : path string of file system
=========================================================================
Specifies the directory that stores the certificate revocation list (CRL) for the server certificate.
--
Example :
CARevocationPath /etc/ssl
--
Certificate revocation lists (CRL) in PEM format are supported.

WSSCACertificateFile
=========================================================================
Supported OS : Linux / Windows
Format : WSSCACertificateFile <file-path>
-------------------------------------------------------------------------
file-path
Default : none
Range of Values : path string of file system
=========================================================================
This option specifies the path of a file that contains the CA certificates used to validate server certificates received over WebSocket SSL/TLS communication. When this is not set, the WebSocket function uses the default CA certificates it detects.
--
Example :
WSSCACertificateFile /etc/hcp/cacert.pem
--
Certificates in PEM format, as ordinarily generated by the OpenSSL tools, are supported.

OCSPRevocationEnabled
=========================================================================
Supported OS : Linux / Windows
Format : OCSPRevocationEnabled <flag-available>
-------------------------------------------------------------------------
flag-available
Default : yes
Range of Values : yes, no
=========================================================================
Sets whether OCSP (Online Certificate Status Protocol) is used for server certificate verification. When “yes”, it is enabled.
--
Example :
OCSPRevocationEnabled no
--

StrictHostKeyChecking
=========================================================================
Supported OS : Linux / Windows
Format : StrictHostKeyChecking <switch>
-------------------------------------------------------------------------
switch
Default : ask
Range of Values : ask, yes, no
=========================================================================
Sets the policy for accepting the server host.
When “ask”, the user is asked to confirm whether to accept unknown keys.
When “yes”, authentication is stopped.
When “no”, authentication continues without confirmation.
--
Example :
StrictHostKeyChecking no
--
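The settings from IgnoreCertificateCNInvalid through StrictHostKeyChecking each switch off one server authentication check, so a client configuration is worth auditing for them before deployment. The script below is an added example, not part of HCP tools or its documentation. It assumes one "<Name> <value>" setting per line as in the examples on this page, compares values case-insensitively, and reports every occurrence rather than assuming which one takes precedence.

```python
# Added example: audit an HCP tools client configuration for settings that relax
# server authentication. Assumes one "<Name> <value>" per line (see lead-in).

# name -> (value that relaxes the check, check that is then skipped)
CHECKS = {
    "IgnoreCertificateCNInvalid": ("yes", "common name vs. server FQDN/IP"),
    "IgnoreCertificateDateInvalid": ("yes", "certificate expiration"),
    "IgnoreUnknownCA": ("yes", "intermediate and root certificates"),
    "IgnoreRevocation": ("yes", "certificate revocation"),
    "WSSIgnoreCertificateCNInvalid": ("yes", "WSS common name vs. server FQDN/IP"),
    "WSSIgnoreCertificateDateInvalid": ("yes", "WSS NotBefore/NotAfter"),
    "WSSIgnoreUnknownCA": ("yes", "WSS CA root and intermediate certificates"),
    "OCSPRevocationEnabled": ("no", "OCSP for the server certificate"),
    "StrictHostKeyChecking": ("no", "confirmation of unknown keys"),
}

def allowed(name):  # "Range of Values" documented for each audited setting
    return ("ask", "yes", "no") if name == "StrictHostKeyChecking" else ("yes", "no")

def audit(config_text):
    """Return (line_no, name, kind, detail); kind is 'relaxed' or 'invalid'."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        parts = line.split()
        if not parts or parts[0] not in CHECKS:
            continue  # not one of the settings audited here
        name = parts[0]
        value = parts[1].lower() if len(parts) > 1 else ""
        risky, skipped = CHECKS[name]
        if value not in allowed(name):
            findings.append((line_no, name, "invalid", f"value {value!r} not in {allowed(name)}"))
        elif value == risky:
            findings.append((line_no, name, "relaxed", skipped))
    return findings

# Constructed sample configuration (not from a real deployment).
SAMPLE = """\
CACertificateFile /etc/hcp/cacert.pem
IgnoreCertificateCNInvalid yes
IgnoreUnknownCA no
OCSPRevocationEnabled no
StrictHostKeyChecking ask
WSSIgnoreCertificateDateInvalid yes
IgnoreRevocation true
"""

if __name__ == "__main__":
    for line_no, name, kind, detail in audit(SAMPLE):
        print(f"line {line_no}: {name} [{kind}] {detail}")
```

A value outside the documented range is reported as "invalid" because this page does not say how such a value is interpreted.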

Various Monitoring, Timeout Control

TransportTimeout
Refer to the hcpd configurations.

Log Management

ApplicationLog
=========================================================================
Supported OS : Linux / Windows
Format : ApplicationLog <log-level>[ <flag-available>][ <log-rotation-conf>][ <log-path>]
-------------------------------------------------------------------------
log-level
Default : INFO
Range of Values : EMERG, ALERT, CRIT, ERR, WARNING, INFO, DEBUG
-------------------------------------------------------------------------
flag-available
Default : no
Range of Values : yes, no
-------------------------------------------------------------------------
log-rotation-conf
Format : ( FileSize <file-size> <backups> | DatePattern <date-pattern> )
-------------------------------------------------------------------------
file-size
Default : none
Range of Values : signed double-length integer
-------------------------------------------------------------------------
backups
Default : none
Range of Values : unsigned integer
-------------------------------------------------------------------------
date-pattern
Default : none
Range of Values : yyyy-MM, yyyy-MM-dd, yyyy-MM-dd-HH, yyyy-MM-dd-HH-mm
-------------------------------------------------------------------------
log-path
Default : none
Range of Values : path string of file system
=========================================================================
Configures the application log.
log-level specifies the log level.
When flag-available is “yes”, the log is output.
log-rotation-conf specifies the log rotation. It works in the same way as the rotation behavior set in "SystemLog", although it doesn't rotate periodically.
log-path specifies the log path. When the command line parameter "-l" is specified at the same time, the command line parameter setting is applied.
--
Example1 :
ApplicationLog WARNING FileSize 10MB 10
Example2 :
ApplicationLog WARNING DatePattern yyyy-MM-dd
Example3 :
ApplicationLog WARNING // the same as "ApplicationLogLevel"
--

ApplicationLogLevel
=========================================================================
Supported OS : Linux / Windows
Format : ApplicationLogLevel <log-level>
-------------------------------------------------------------------------
log-level
Default : INFO
Range of Values : EMERG, ALERT, CRIT, ERR, WARNING, INFO, DEBUG
=========================================================================
Sets the application log level.
When it is set along with “ApplicationLog”, only the log level is overwritten.
--
Example :
ApplicationLogLevel WARNING
--

ApplicationStatLog
=========================================================================
Supported OS : Linux / Windows
Format : ApplicationStatLog <flag-available>[ <log-rotation-conf>]
-------------------------------------------------------------------------
flag-available
Default : yes
Range of Values : yes, no
-------------------------------------------------------------------------
log-rotation-conf
Format : ( FileSize <file-size> <backups> | DatePattern <date-pattern> )
-------------------------------------------------------------------------
file-size
Default : none
Range of Values : signed double-length integer
-------------------------------------------------------------------------
backups
Default : none
Range of Values : unsigned integer
-------------------------------------------------------------------------
date-pattern
Default : none
Range of Values : yyyy-MM, yyyy-MM-dd, yyyy-MM-dd-HH, yyyy-MM-dd-HH-mm
=========================================================================
Configures the application statistics log.
When flag-available is “yes”, the application statistics information is output.
log-rotation-conf specifies the log rotation. It works in the same way as the rotation behavior set in “ApplicationStatLog” on hcpd.
--
Example1 :
ApplicationStatLog no
Example2 :
ApplicationStatLog yes FileSize 10MB 10
Example3 :
ApplicationStatLog yes DatePattern yyyy-MM-dd
--

TransportStatLog
=========================================================================
Supported OS : Linux / Windows
Format : TransportStatLog <flag-available>[ <log-rotation-conf>]
-------------------------------------------------------------------------
flag-available
Default : no
Range of Values : yes, no
-------------------------------------------------------------------------
log-rotation-conf
Format : ( FileSize <file-size> <backups> | DatePattern <date-pattern> )
-------------------------------------------------------------------------
file-size
Default : none
Range of Values : signed double-length integer
-------------------------------------------------------------------------
backups
Default : none
Range of Values : unsigned integer
-------------------------------------------------------------------------
date-pattern
Default : none
Range of Values : yyyy-MM, yyyy-MM-dd, yyyy-MM-dd-HH, yyyy-MM-dd-HH-mm
=========================================================================
Configures the transport statistics log.
When flag-available is “yes”, the transport statistics data is output.
log-rotation-conf specifies the rotation rule. It works in the same way as the rotation behavior set in “TransportStatLog” on hcpd.
Depending on whether “FileSize” or “DatePattern” is the criterion, rotation is carried out on the specified path as below.
// FileSize cases
<specified path>.transport.tcp
<specified path>.transport.tcp.1
<specified path>.transport.tcp.2
...
<specified path>.transport.tcp.n
// DatePattern cases
<specified path>.transport.tcp
<specified path>.transport.tcp.2019-12-10
<specified path>.transport.tcp.2019-12-09
...
The header of the statistics information is not included in rotated files.
--
Example1 :
TransportStatLog yes
Example2 :
TransportStatLog yes FileSize 10MB 10
Example3 :
TransportStatLog yes DatePattern yyyy-MM-dd
--

ApplicationStatLogSecurityEx
=========================================================================
Supported OS : Linux / Windows
Format : ApplicationStatLogSecurityEx <flag-available>
-------------------------------------------------------------------------
flag-available
Default : yes
Range of Values : yes, no
=========================================================================
Sets whether to output detailed security information in the application statistics log.
--
Example :
ApplicationStatLogSecurityEx no
--

System Operating Environment Settings, CPU Thread Control

MaxConcurrentThread
=========================================================================
Supported OS : Linux
Format : MaxConcurrentThread <max-threads>
-------------------------------------------------------------------------
max-threads
Default : 0
Range of Values : signed integer
=========================================================================
Configures the maximum number of threads.