Configuring Secure Messaging with HTTPS

HydraExpress : HydraExpress User Guide : PART II The HydraExpress Agent : Overview of Agent Configuration : Configuring the Agent : Configuring Secure Messaging with HTTPS

The HydraExpress Agent automatically handles messages sent on secure transports (HTTPS) through its HTTPS connector. The default port for receiving HTTPS requests is 8443. Use this connector for encrypted connections between the client and the server.

The HTTPS connector is configured in the main Agent configuration file, rwagent.xml, located in your <installdir>\conf directory, under the element <rwsf:connector name="HTTPS (HTTP/1.1)">

Table 4 lists the configurable properties.

Table 4 – HTTPS connector properties
Property name	Types	Description
accepter-threads	int	Specifies the number of threads that should be spawned listening for new connections. Default: 1.
thread-pool-min	int	The minimum number of threads to be created in the thread pool. Default: 5.
thread-pool-max	int	The maximum number of threads to be created in the thread pool. Default: 10.
port	string	Port name used to create a listener socket. Default: 8443.
request-backlog	int	The number of pending connection requests allowed before the system starts refusing connections. Default: 5.
request-buffersize	long	Size of the buffer used to receive incoming messages. Smaller values may result in slower performance. Larger values may result in wasted space. Default: 4096. If no value is specified, the default is no buffering.
request-timeout	long	Timeout used when returning a request to the client. The value is specified in milliseconds. Default: 30000. If not specified, the listener blocks indefinitely.
ssl-quiet-shutdown	bool	During normal shutdown of an SSL connection, both sides will attempt to perform a final handshake indicating that each has agreed to close the connection. If one side closes the connection before the other can send its part of the handshake, this operation can fail with an exception or signal. This property disables this final handshake. Default: false.
ssl-trusted-certificates	string	The file that contains the trusted certificate chain used in authentication. This property is mandatory if performing server authentication. This property cannot be changed until the transport disconnects. Default: none
ssl-certificate	string	The file that contains the X.509 Certificate for the client. This property is mandatory if performing server authentication. This property cannot be changed until the transport disconnects.¹ Default: ${RWSF_CONF}/certs/localhost.crt
ssl-private-key	string	The file that contains the Private Key for the client. This property is mandatory if performing server authentication. This property cannot be changed until the transport disconnects.1 Default: ${RWSF_CONF}/certs/localhost.key
ssl-callback-method	string	The library and method name of the callback method that OpenSSL will use to retrieve the password for the private key. Usage: libraryName.methodName Default: none
security-init-seed	string	The seed for the random number generator. This value cannot be changed until the transport disconnects. Default: none. Set this property only to override the OpenSSL default functionality.
security-init-seed-type	string	If this property is set to string, it indicates that the security-init-seed property contains a seed string. If set to filename, it indicates that the security-init-seed property contains the name of a file holding the seed. Default: none. Set this property only to override the OpenSSL default functionality.

¹ Provided certificate and key should be used for testing purposes only.