Sslusessl Option

From Messaging Server Technical Reference Wiki
Jump to: navigation, search


Updated in release: 8.0


If a server certificate is installed and the sslusessl option is not set to 0, then STARTTLS is enabled on the selected server (listening at its regular port).

Use with elasticsearch

The sslusessl Elasticsearch option will require use of SSL when communicating with Elasticsearch. This option is only used when the store.searchengine option is set to elastic.


The default value in this context is: 0


See also:

Use with isc_client

Flag to enable SSL for ISC server connections. SSL is disabled by default. If this option is set to 1, then the corresponding isc.sslusessl option must also be set to 1 on the host(s) specified by isc_client.ischosts.


The default value in this context is: 0

Use with isc

Flag to enable SSL for ISC server connections. SSL is disabled by default. If this option is set to 1, then the corresponding isc_client.sslusessl option must also be set to 1 on the LMTP host(s), and the fit.sslusessl option must be set to 1 on the Cassandra host(s) that connect to this ISC server.

If this option is set to 1, then the base.ssljkspath and base.ssljkspassword options must be set to the Java SSL keystore path and the Java keystore password respectively.


The default value in this context is: 0


See also:

Use with deploymap

Setting sslusessl to 1 instructs Deployment Map clients and servers to require the use of SSL (also known as TLS). When enabled on the server, the server will not allow clients to authenticate without first having successfully negotiated SSL. When enabled on the client, the client will negotiate SSL before attempting to authenticate. If the server does not advertise the TLS capability, then the client will not authenticate.

A server with this option enabled must also have the deploymap.capability_starttls option enabled (local.deploymap.capability.starttls in a legacy configuration).


The default value in this context is: 0


See also:

Use with metermaid

Setting the sslusessl MeterMaid option to 1 directs MeterMaid to expect that incoming connections will be SSL-enabled. Enabling this option requires that you also set the corresponding MeterMaid client sslusessl option.


The default value in this context is: 0


See also:

Use with metermaid_client

Setting the MeterMaid client option  sslusessl to 1 directs the metermaid_client to connect to the MeterMaid server using SSL. This option also sets the default for the remote_server's sslusessl option.

Note that if configuring a MeterMaid client to use SSL to connect to a MeterMaid server, that MeterMaid server should also be configured to support SSL use; on the host where that MeterMaid server runs, see its metermaid.sslusessl option.


The default value in this context is: 0


See also:

Use with remote_server

Setting sslusessl to 1 in a MeterMaid client named remote_server group directs the metermaid_client to connect to the specified MeterMaid remote_server using SSL. Note that the default value for this option is the same as the value specified for the global metermaid_client.sslusessl option. If that value is set to 1, this option will default to 1.


See also:

Use with http

Starting with the 8.0 release, this option has no effect on the mshttpd server.

As regards listening at a separate sslport, note that for the 7.0.5 release, the sslusessl option must be explicitly set to 1 (even though the default was 1) as well as setting http.enablesslport to enable SSL connections on a separate sslport.


The default value in this context is: 1


See also:

Use with imap

If a server certificate is installed and the sslusessl IMAP option is not set to 0, then STARTTLS is enabled on the IMAP server (listening at its regular port).

As regards listening at a separate sslport, note that for the 7.0.5 release, the sslusessl option must be explicitly set to 1 (even though the default was 1) as well as setting imap.enablesslport to enable SSL connections on a separate sslport. For the 8.0 release, it is no longer necessary to explicitly set this option in order to enable SSL connections on a separate port.


The default value in this context is: 1


See also:

Use with pop

If a server certificate is installed and the sslusessl POP option is not set to 0, then STARTTLS is enabled on the POP server (listening at its regular port).

As regards listening at a separate sslport, note that for the 7.0.5 release, the sslusessl option must be explicitly set to 1 (even though the default was 1) as well as setting pop.enablesslport to enable SSL connections on a separate sslport. For the 8.0 release, it is no longer necessary to explicitly set this option in order to enable SSL connections on a separate port.


The default value in this context is: 1


See also:

Use with indexer

If the sslusessl Indexer option is set to 1, then the IMAP server uses SSL to authenticate to the ISS, connecting to the port specified by the port Indexer option (service.imap.indexer.port option in legacy configuration).


The default value in this context is: 0


See also:


See also: