mirror of
https://github.com/ClickHouse/ClickHouse.git
synced 2024-12-05 22:12:21 +00:00
44 lines
2.2 KiB
XML
44 lines
2.2 KiB
XML
|
<clickhouse>
|
||
|
<!-- HTTP API with TLS (HTTPS).
|
||
|
You have to configure certificate to enable this interface.
|
||
|
See the openSSL section below.
|
||
|
-->
|
||
|
<https_port>8443</https_port>
|
||
|
|
||
|
<!-- Native interface with TLS.
|
||
|
You have to configure certificate to enable this interface.
|
||
|
See the openSSL section below.
|
||
|
-->
|
||
|
<!-- <tcp_port_secure>9440</tcp_port_secure> -->
|
||
|
|
||
|
<!-- Used with https_port and tcp_port_secure. Full ssl options list: https://github.com/ClickHouse-Extras/poco/blob/master/NetSSL_OpenSSL/include/Poco/Net/SSLManager.h#L71 -->
|
||
|
<openSSL replace="replace">
|
||
|
<server> <!-- Used for https server AND secure tcp port -->
|
||
|
<cacheSessions>false</cacheSessions>
|
||
|
<certificateFile>/etc/clickhouse-server/config.d/server-cert.pem</certificateFile>
|
||
|
<privateKeyFile>/etc/clickhouse-server/config.d/server-key.pem</privateKeyFile>
|
||
|
<dhParamsFile>/etc/clickhouse-server/config.d/dhparam4096.pem</dhParamsFile>
|
||
|
<caConfig>/etc/clickhouse-server/config.d/ca-cert.pem</caConfig>
|
||
|
<disableProtocols>sslv2,sslv3,tlsv1,tlsv1_1,tlsv1_2</disableProtocols>
|
||
|
<!-- <loadDefaultCAFile>true</loadDefaultCAFile> -->
|
||
|
<preferServerCiphers>true</preferServerCiphers>
|
||
|
<requireTLSv1>false</requireTLSv1>
|
||
|
<requireTLSv1_1>false</requireTLSv1_1>
|
||
|
<requireTLSv1_2>false</requireTLSv1_2>
|
||
|
<requireTLSv1_3>true</requireTLSv1_3>
|
||
|
<verificationMode>relaxed</verificationMode>
|
||
|
</server>
|
||
|
<client> <!-- Used for connecting to https dictionary source and secured Zookeeper communication -->
|
||
|
<cacheSessions>false</cacheSessions>
|
||
|
<disableProtocols>sslv2,sslv3,tlsv1,tlsv1_1,tlsv1_2</disableProtocols>
|
||
|
<loadDefaultCAFile>true</loadDefaultCAFile>
|
||
|
<preferServerCiphers>true</preferServerCiphers>
|
||
|
<requireTLSv1>false</requireTLSv1>
|
||
|
<requireTLSv1_1>false</requireTLSv1_1>
|
||
|
<requireTLSv1_2>false</requireTLSv1_2>
|
||
|
<requireTLSv1_3>true</requireTLSv1_3>
|
||
|
<verificationMode>relaxed</verificationMode>
|
||
|
</client>
|
||
|
</openSSL>
|
||
|
</clickhouse>
|
||
|
|