Is It Possible For Enpd To Require SSL?
(Doc ID 2777455.1)
Last updated on MAY 26, 2021
Applies to:Oracle Communications Messaging Server - Version 8.1.0 and later
Information in this document applies to any platform.
Qn1: Is it possible to make enpd require SSL?
The following configuration exists:
role.ens.domainallowed = +ALL:127.0.0.1/32,host1.example.com,host2.example.com,host3.sub.example.com,host4.sub.example.com
Using +ENS instead of +ALL was attempted, but that did not seem to work.
The goal is to allow plain text connections from 127.0.0.1 and also require SSL on connections from the stated hosts.
Requiring SSL on all would be fine too.
Qn2: Does the wrappers code have a name for ENS? Additionally, what about a name for ENS over SSL?
For example, for IMAP, you can specify "IMAP" or "IMAPS". If you specify "+IMAPS", it means IMAP over SSL is allowed but without SSL is not allowed.
The second question: Would the SSL variant be "ENPDS"?
Qn3: How would I disable the non-SSL enpd port?
Getting the systems to use SSL seems easy enough. If ensusessl is set, they use SSL.
How do I prevent anything else from trying to use the non-SSL port?
I want to *require* SSL.
If the ensusessl option of the notifytarget is set, then the TLS/SSL will be used to communicate with the host defined by the options ensHost and ensPort, in the notifytarget plugin.
I think this is the default.
Since ISS was turned off, the setting of the notifytarget option has been removed. The default "ms-internal" option is being used and it seems to have automatically noticed that ensusessl is set.
The concern is not so much "allowing" it to use SSL, or telling the various things to use SSL. That all seems to be working.
The goal is prevent anything from using the non-SSL port.
Is it possible to disable the non-SSL port?
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document