Browse code

modules: readme files regenerated - tls ... [skip ci]

Kamailio Dev authored on 11/06/2021 09:16:29
Showing 1 changed files
... ...
@@ -43,34 +43,32 @@ Olle E. Johansson
43 43
               10.9. require_certificate (boolean)
44 44
               10.10. cipher_list (string)
45 45
               10.11. server_name (string)
46
-              10.12. send_timeout (int)
47
-              10.13. handshake_timeout (int)
48
-              10.14. connection_timeout (int)
49
-              10.15. tls_disable_compression (boolean)
50
-              10.16. ssl_release_buffers (integer)
51
-              10.17. ssl_freelist_max_len (integer)
52
-              10.18. ssl_max_send_fragment (integer)
53
-              10.19. ssl_read_ahead (boolean)
54
-              10.20. send_close_notify (boolean)
55
-              10.21. con_ct_wq_max (integer)
56
-              10.22. ct_wq_max (integer)
57
-              10.23. ct_wq_blk_size (integer)
58
-              10.24. tls_log (int)
59
-              10.25. tls_debug (int)
60
-              10.26. low_mem_threshold1 (integer)
61
-              10.27. low_mem_threshold2 (integer)
62
-              10.28. tls_force_run (boolean)
63
-              10.29. session_cache (boolean)
64
-              10.30. session_id (str)
65
-              10.31. renegotiation (boolean)
66
-              10.32. config (string)
67
-              10.33. xavp_cfg (string)
68
-              10.34. event_callback (str)
69
-              10.35. rand_engine (str)
70
-              10.36. engine (string)
71
-              10.37. engine_config (string)
72
-              10.38. engine_algorithms (string)
73
-              10.39. verify_client (string)
46
+              10.12. connection_timeout (int)
47
+              10.13. tls_disable_compression (boolean)
48
+              10.14. ssl_release_buffers (integer)
49
+              10.15. ssl_freelist_max_len (integer)
50
+              10.16. ssl_max_send_fragment (integer)
51
+              10.17. ssl_read_ahead (boolean)
52
+              10.18. send_close_notify (boolean)
53
+              10.19. con_ct_wq_max (integer)
54
+              10.20. ct_wq_max (integer)
55
+              10.21. ct_wq_blk_size (integer)
56
+              10.22. tls_log (int)
57
+              10.23. tls_debug (int)
58
+              10.24. low_mem_threshold1 (integer)
59
+              10.25. low_mem_threshold2 (integer)
60
+              10.26. tls_force_run (boolean)
61
+              10.27. session_cache (boolean)
62
+              10.28. session_id (str)
63
+              10.29. renegotiation (boolean)
64
+              10.30. config (string)
65
+              10.31. xavp_cfg (string)
66
+              10.32. event_callback (str)
67
+              10.33. rand_engine (str)
68
+              10.34. engine (string)
69
+              10.35. engine_config (string)
70
+              10.36. engine_algorithms (string)
71
+              10.37. verify_client (string)
74 72
 
75 73
         11. Functions
76 74
 
... ...
@@ -175,34 +173,32 @@ Chapter 1. Admin Guide
175 173
         10.9. require_certificate (boolean)
176 174
         10.10. cipher_list (string)
177 175
         10.11. server_name (string)
178
-        10.12. send_timeout (int)
179
-        10.13. handshake_timeout (int)
180
-        10.14. connection_timeout (int)
181
-        10.15. tls_disable_compression (boolean)
182
-        10.16. ssl_release_buffers (integer)
183
-        10.17. ssl_freelist_max_len (integer)
184
-        10.18. ssl_max_send_fragment (integer)
185
-        10.19. ssl_read_ahead (boolean)
186
-        10.20. send_close_notify (boolean)
187
-        10.21. con_ct_wq_max (integer)
188
-        10.22. ct_wq_max (integer)
189
-        10.23. ct_wq_blk_size (integer)
190
-        10.24. tls_log (int)
191
-        10.25. tls_debug (int)
192
-        10.26. low_mem_threshold1 (integer)
193
-        10.27. low_mem_threshold2 (integer)
194
-        10.28. tls_force_run (boolean)
195
-        10.29. session_cache (boolean)
196
-        10.30. session_id (str)
197
-        10.31. renegotiation (boolean)
198
-        10.32. config (string)
199
-        10.33. xavp_cfg (string)
200
-        10.34. event_callback (str)
201
-        10.35. rand_engine (str)
202
-        10.36. engine (string)
203
-        10.37. engine_config (string)
204
-        10.38. engine_algorithms (string)
205
-        10.39. verify_client (string)
176
+        10.12. connection_timeout (int)
177
+        10.13. tls_disable_compression (boolean)
178
+        10.14. ssl_release_buffers (integer)
179
+        10.15. ssl_freelist_max_len (integer)
180
+        10.16. ssl_max_send_fragment (integer)
181
+        10.17. ssl_read_ahead (boolean)
182
+        10.18. send_close_notify (boolean)
183
+        10.19. con_ct_wq_max (integer)
184
+        10.20. ct_wq_max (integer)
185
+        10.21. ct_wq_blk_size (integer)
186
+        10.22. tls_log (int)
187
+        10.23. tls_debug (int)
188
+        10.24. low_mem_threshold1 (integer)
189
+        10.25. low_mem_threshold2 (integer)
190
+        10.26. tls_force_run (boolean)
191
+        10.27. session_cache (boolean)
192
+        10.28. session_id (str)
193
+        10.29. renegotiation (boolean)
194
+        10.30. config (string)
195
+        10.31. xavp_cfg (string)
196
+        10.32. event_callback (str)
197
+        10.33. rand_engine (str)
198
+        10.34. engine (string)
199
+        10.35. engine_config (string)
200
+        10.36. engine_algorithms (string)
201
+        10.37. verify_client (string)
206 202
 
207 203
    11. Functions
208 204
 
... ...
@@ -597,34 +593,32 @@ Place holder
597 593
    10.9. require_certificate (boolean)
598 594
    10.10. cipher_list (string)
599 595
    10.11. server_name (string)
600
-   10.12. send_timeout (int)
601
-   10.13. handshake_timeout (int)
602
-   10.14. connection_timeout (int)
603
-   10.15. tls_disable_compression (boolean)
604
-   10.16. ssl_release_buffers (integer)
605
-   10.17. ssl_freelist_max_len (integer)
606
-   10.18. ssl_max_send_fragment (integer)
607
-   10.19. ssl_read_ahead (boolean)
608
-   10.20. send_close_notify (boolean)
609
-   10.21. con_ct_wq_max (integer)
610
-   10.22. ct_wq_max (integer)
611
-   10.23. ct_wq_blk_size (integer)
612
-   10.24. tls_log (int)
613
-   10.25. tls_debug (int)
614
-   10.26. low_mem_threshold1 (integer)
615
-   10.27. low_mem_threshold2 (integer)
616
-   10.28. tls_force_run (boolean)
617
-   10.29. session_cache (boolean)
618
-   10.30. session_id (str)
619
-   10.31. renegotiation (boolean)
620
-   10.32. config (string)
621
-   10.33. xavp_cfg (string)
622
-   10.34. event_callback (str)
623
-   10.35. rand_engine (str)
624
-   10.36. engine (string)
625
-   10.37. engine_config (string)
626
-   10.38. engine_algorithms (string)
627
-   10.39. verify_client (string)
596
+   10.12. connection_timeout (int)
597
+   10.13. tls_disable_compression (boolean)
598
+   10.14. ssl_release_buffers (integer)
599
+   10.15. ssl_freelist_max_len (integer)
600
+   10.16. ssl_max_send_fragment (integer)
601
+   10.17. ssl_read_ahead (boolean)
602
+   10.18. send_close_notify (boolean)
603
+   10.19. con_ct_wq_max (integer)
604
+   10.20. ct_wq_max (integer)
605
+   10.21. ct_wq_blk_size (integer)
606
+   10.22. tls_log (int)
607
+   10.23. tls_debug (int)
608
+   10.24. low_mem_threshold1 (integer)
609
+   10.25. low_mem_threshold2 (integer)
610
+   10.26. tls_force_run (boolean)
611
+   10.27. session_cache (boolean)
612
+   10.28. session_id (str)
613
+   10.29. renegotiation (boolean)
614
+   10.30. config (string)
615
+   10.31. xavp_cfg (string)
616
+   10.32. event_callback (str)
617
+   10.33. rand_engine (str)
618
+   10.34. engine (string)
619
+   10.35. engine_config (string)
620
+   10.36. engine_algorithms (string)
621
+   10.37. verify_client (string)
628 622
 
629 623
 10.1. tls_method (string)
630 624
 
... ...
@@ -879,19 +873,7 @@ modparam("tls", "cipher_list", "HIGH")
879 873
 modparam("tls", "server_name", "kamailio.org")
880 874
 ...
881 875
 
882
-10.12. send_timeout (int)
883
-
884
-   This parameter is obsolete and cannot be used in newer TLS versions (>
885
-   Kamailio 3.0). In these versions the send_timeout is replaced by
886
-   tcp_send_timeout (common with all the tcp connections).
887
-
888
-10.13. handshake_timeout (int)
889
-
890
-   This parameter is obsolete and cannot be used in newer TLS versions (>
891
-   Kamailio 3.0). In these versions the handshake_timeout is replaced by
892
-   tcp_connect_timeout (common with all the tcp connections).
893
-
894
-10.14. connection_timeout (int)
876
+10.12. connection_timeout (int)
895 877
 
896 878
    Sets the amount of time after which an idle TLS connection will be
897 879
    closed, if no I/O ever occurred after the initial open. If an I/O event
... ...
@@ -913,7 +895,7 @@ modparam("tls", "connection_timeout", 60)
913 895
    Example 1.15. Set tls.connection_timeout at runtime
914 896
  $ kamcmd cfg.set_now_int tls connection_timeout 180
915 897
 
916
-10.15. tls_disable_compression (boolean)
898
+10.13. tls_disable_compression (boolean)
917 899
 
918 900
    If set compression over TLS will be disabled. Note that compression
919 901
    uses a lot of memory (about 10x more then with the compression
... ...
@@ -928,7 +910,7 @@ modparam("tls", "connection_timeout", 60)
928 910
 modparam("tls", "tls_disable_compression", 0) # enable
929 911
 ...
930 912
 
931
-10.16. ssl_release_buffers (integer)
913
+10.14. ssl_release_buffers (integer)
932 914
 
933 915
    Release internal OpenSSL read or write buffers as soon as they are no
934 916
    longer needed. Combined with ssl_freelist_max_len has the potential of
... ...
@@ -950,7 +932,7 @@ Note
950 932
    Example 1.17. Set ssl_release_buffers parameter
951 933
 modparam("tls", "ssl_release_buffers", 1)
952 934
 
953
-10.17. ssl_freelist_max_len (integer)
935
+10.15. ssl_freelist_max_len (integer)
954 936
 
955 937
    Sets the maximum number of free memory chunks, that OpenSSL will keep
956 938
    per connection. Setting it to 0 would cause any unused memory chunk to
... ...
@@ -973,7 +955,7 @@ Note
973 955
    Example 1.18. Set ssl_freelist_max_len parameter
974 956
 modparam("tls", "ssl_freelist_max_len", 0)
975 957
 
976
-10.18. ssl_max_send_fragment (integer)
958
+10.16. ssl_max_send_fragment (integer)
977 959
 
978 960
    Sets the maximum number of bytes (from the clear text) sent into one
979 961
    TLS record. Valid values are between 512 and 16384. Note however that
... ...
@@ -1008,7 +990,7 @@ Note
1008 990
    Example 1.19. Set ssl_max_send_fragment parameter
1009 991
 modparam("tls", "ssl_max_send_fragment", 4096)
1010 992
 
1011
-10.19. ssl_read_ahead (boolean)
993
+10.17. ssl_read_ahead (boolean)
1012 994
 
1013 995
    Enables read ahead, reducing the number of internal OpenSSL BIO read()
1014 996
    calls. This option has only debugging value, in normal circumstances it
... ...
@@ -1030,7 +1012,7 @@ modparam("tls", "ssl_max_send_fragment", 4096)
1030 1012
    Example 1.20. Set ssl_read_ahead parameter
1031 1013
 modparam("tls", "ssl_read_ahead", 1)
1032 1014
 
1033
-10.20. send_close_notify (boolean)
1015
+10.18. send_close_notify (boolean)
1034 1016
 
1035 1017
    Enables/disables sending close notify alerts prior to closing the
1036 1018
    corresponding TCP connection. Sending the close notify prior to TCP
... ...
@@ -1051,7 +1033,7 @@ modparam("tls", "send_close_notify", 1)
1051 1033
    Example 1.22. Set tls.send_close_notify at runtime
1052 1034
  $ kamcmd cfg.set_now_int tls send_close_notify 1
1053 1035
 
1054
-10.21. con_ct_wq_max (integer)
1036
+10.19. con_ct_wq_max (integer)
1055 1037
 
1056 1038
    Sets the maximum allowed per connection clear-text send queue size in
1057 1039
    bytes. This queue is used when data cannot be encrypted and sent
... ...
@@ -1070,7 +1052,7 @@ modparam("tls", "con_ct_wq_max", 1048576)
1070 1052
    Example 1.24. Set tls.con_ct_wq_max at runtime
1071 1053
  $ kamcmd cfg.set_now_int tls con_ct_wq_max 1048576
1072 1054
 
1073
-10.22. ct_wq_max (integer)
1055
+10.20. ct_wq_max (integer)
1074 1056
 
1075 1057
    Sets the maximum total number of bytes queued in all the clear-text
1076 1058
    send queues. These queues are used when data cannot be encrypted and
... ...
@@ -1089,7 +1071,7 @@ modparam("tls", "ct_wq_max", 4194304)
1089 1071
    Example 1.26. Set tls.ct_wq_max at runtime
1090 1072
  $ kamcmd cfg.set_now_int tls ct_wq_max 4194304
1091 1073
 
1092
-10.23. ct_wq_blk_size (integer)
1074
+10.21. ct_wq_blk_size (integer)
1093 1075
 
1094 1076
    Minimum block size for the internal clear-text send queues (debugging /
1095 1077
    advanced tuning). Good values are multiple of typical datagram sizes.
... ...
@@ -1107,7 +1089,7 @@ modparam("tls", "ct_wq_blk_size", 2048)
1107 1089
    Example 1.28. Set tls.ct_wq_max at runtime
1108 1090
  $ kamcmd cfg.set_now_int tls ct_wq_blk_size 2048
1109 1091
 
1110
-10.24. tls_log (int)
1092
+10.22. tls_log (int)
1111 1093
 
1112 1094
    Sets the log level at which TLS related messages will be logged.
1113 1095
 
... ...
@@ -1125,7 +1107,7 @@ modparam("tls", "tls_log", 10)
1125 1107
    Example 1.30. Set tls.log at runtime
1126 1108
  $ kamcmd cfg.set_now_int tls log 10
1127 1109
 
1128
-10.25. tls_debug (int)
1110
+10.23. tls_debug (int)
1129 1111
 
1130 1112
    Sets the log level at which TLS debug messages will be logged. Note
1131 1113
    that TLS debug messages are enabled only if the TLS module is compiled
... ...
@@ -1146,7 +1128,7 @@ modparam("tls", "tls_debug", 10)
1146 1128
    Example 1.32. Set tls.debug at runtime
1147 1129
  $ kamcmd cfg.set_now_int tls debug 10
1148 1130
 
1149
-10.26. low_mem_threshold1 (integer)
1131
+10.24. low_mem_threshold1 (integer)
1150 1132
 
1151 1133
    Sets the minimal free memory from which attempts to open or accept new
1152 1134
    TLS connections will start to fail. The value is expressed in KB.
... ...
@@ -1177,7 +1159,7 @@ modparam("tls", "low_mem_threshold1", -1)
1177 1159
    Example 1.34. Set tls.low_mem_threshold1 at runtime
1178 1160
  $ kamcmd cfg.set_now_int tls low_mem_threshold1 2048
1179 1161
 
1180
-10.27. low_mem_threshold2 (integer)
1162
+10.25. low_mem_threshold2 (integer)
1181 1163
 
1182 1164
    Sets the minimal free memory from which TLS operations on already
1183 1165
    established TLS connections will start to fail preemptively. The value
... ...
@@ -1209,7 +1191,7 @@ modparam("tls", "low_mem_threshold2", -1)
1209 1191
    Example 1.36. Set tls.low_mem_threshold2 at runtime
1210 1192
  $ kamcmd cfg.set_now_int tls low_mem_threshold2 1024
1211 1193
 
1212
-10.28. tls_force_run (boolean)
1194
+10.26. tls_force_run (boolean)
1213 1195
 
1214 1196
    If enabled Kamailio will start even if some of the OpenSSL sanity
1215 1197
    checks fail (turn it on at your own risk).
... ...
@@ -1229,7 +1211,7 @@ modparam("tls", "low_mem_threshold2", -1)
1229 1211
 modparam("tls", "tls_force_run", 11)
1230 1212
 ...
1231 1213
 
1232
-10.29. session_cache (boolean)
1214
+10.27. session_cache (boolean)
1233 1215
 
1234 1216
    If enabled Kamailio will do caching of the TLS sessions data,
1235 1217
    generation a session_id and sending it back to client.
... ...
@@ -1241,7 +1223,7 @@ modparam("tls", "tls_force_run", 11)
1241 1223
 modparam("tls", "session_cache", 1)
1242 1224
 ...
1243 1225
 
1244
-10.30. session_id (str)
1226
+10.28. session_id (str)
1245 1227
 
1246 1228
    The value for session ID context, making sense when session caching is
1247 1229
    enabled.
... ...
@@ -1253,7 +1235,7 @@ modparam("tls", "session_cache", 1)
1253 1235
 modparam("tls", "session_id", "my-session-id-context")
1254 1236
 ...
1255 1237
 
1256
-10.31. renegotiation (boolean)
1238
+10.29. renegotiation (boolean)
1257 1239
 
1258 1240
    If enabled Kamailio will allow renegotiations of TLS connection
1259 1241
    initiated by the client. This may expose to a security risk if the
... ...
@@ -1267,7 +1249,7 @@ modparam("tls", "session_id", "my-session-id-context")
1267 1249
 modparam("tls", "renegotiation", 1)
1268 1250
 ...
1269 1251
 
1270
-10.32. config (string)
1252
+10.30. config (string)
1271 1253
 
1272 1254
    Sets the name of the TLS specific configuration file or configuration
1273 1255
    directory.
... ...
@@ -1409,7 +1391,7 @@ modparam("tls", "config", "/usr/local/etc/kamailio/tls.cfg")
1409 1391
  $ kamcmd cfg.set_now_string tls config "/usr/local/etc/kamailio/new_tls.cfg"
1410 1392
  $ kamcmd tls.reload
1411 1393
 
1412
-10.33. xavp_cfg (string)
1394
+10.31. xavp_cfg (string)
1413 1395
 
1414 1396
    Sets the name of XAVP that stores attributes for TLS connections.
1415 1397
 
... ...
@@ -1434,7 +1416,7 @@ modparam("tls", "config", "/usr/local/etc/kamailio/tls.cfg")
1434 1416
   route(RELAY);
1435 1417
 ...
1436 1418
 
1437
-10.34. event_callback (str)
1419
+10.32. event_callback (str)
1438 1420
 
1439 1421
    The name of the function in the kemi configuration file (embedded
1440 1422
    scripting language such as Lua, Python, ...) to be executed instead of
... ...
@@ -1456,7 +1438,7 @@ function ksr_tls_event(evname)
1456 1438
 end
1457 1439
 ...
1458 1440
 
1459
-10.35. rand_engine (str)
1441
+10.33. rand_engine (str)
1460 1442
 
1461 1443
    Set the random number generator engine for libssl.
1462 1444
 
... ...
@@ -1484,7 +1466,7 @@ end
1484 1466
 modparam("tls", "rand_engine", "fastrand")
1485 1467
 ...
1486 1468
 
1487
-10.36. engine (string)
1469
+10.34. engine (string)
1488 1470
 
1489 1471
    If OpenSSL is compiled with engine support this will allow algorithms
1490 1472
    to be offloaded and private keys from HSM to be used. Currently only a
... ...
@@ -1510,13 +1492,13 @@ modparam("tls", "engine_algorithms", "ALL")
1510 1492
    By default OpenSSL engine support is disabled (NONE). This global param
1511 1493
    is not supported in the tls config file.
1512 1494
 
1513
-10.37. engine_config (string)
1495
+10.35. engine_config (string)
1514 1496
 
1515 1497
    A OpenSSL configuration file to initialize the engine. Typically used
1516 1498
    to send PIN to HSMs to unlock private keys. See the HSM howto for an
1517 1499
    example. This global param is not supported in the tls config file.
1518 1500
 
1519
-10.38. engine_algorithms (string)
1501
+10.36. engine_algorithms (string)
1520 1502
 
1521 1503
    A list of cryptographic methods to be set as default in the engine.
1522 1504
    This is a comma-separated list of values from ALL RSA DSA DH EC RAND
... ...
@@ -1526,7 +1508,7 @@ modparam("tls", "engine_algorithms", "ALL")
1526 1508
    The default is not to set any methods as default. This global param is
1527 1509
    not supported in the tls config file.
1528 1510
 
1529
-10.39. verify_client (string)
1511
+10.37. verify_client (string)
1530 1512
 
1531 1513
    Provides an alternative to verify_certificate and require_certificate
1532 1514
    modparam and tls.cfg parameters, and creates an additional