thevar1able/ClickHouse
1
0
Fork 0
mirror of https://github.com/ClickHouse/ClickHouse.git synced 2024-09-20 08:40:50 +00:00
Code Issues Packages Projects Releases Wiki Activity
070a39543b
ClickHouse/tests/integration/test_tlsv1_3/configs/ssl_config.xml
Larry Luo 1239ee4b31 update ssl config
2022-06-23 12:11:18 -07:00

44 lines
2.2 KiB
XML
Raw Blame History

<clickhouse>
<!-- HTTP API with TLS (HTTPS).
You have to configure certificate to enable this interface.
See the openSSL section below.
-->
<https_port>8443</https_port>
<!-- Native interface with TLS.
You have to configure certificate to enable this interface.
See the openSSL section below.
-->
<!-- <tcp_port_secure>9440</tcp_port_secure> -->
<!-- Used with https_port and tcp_port_secure. Full ssl options list: https://github.com/ClickHouse-Extras/poco/blob/master/NetSSL_OpenSSL/include/Poco/Net/SSLManager.h#L71 -->
<openSSL replace="replace">
<server> <!-- Used for https server AND secure tcp port -->
<cacheSessions>false</cacheSessions>
<certificateFile>/etc/clickhouse-server/config.d/server-cert.pem</certificateFile>
<privateKeyFile>/etc/clickhouse-server/config.d/server-key.pem</privateKeyFile>
<dhParamsFile>/etc/clickhouse-server/config.d/dhparam4096.pem</dhParamsFile>
<caConfig>/etc/clickhouse-server/config.d/ca-cert.pem</caConfig>
<disableProtocols>sslv2,sslv3,tlsv1,tlsv1_1,tlsv1_2</disableProtocols>
<!-- <loadDefaultCAFile>true</loadDefaultCAFile> -->
<preferServerCiphers>true</preferServerCiphers>
<requireTLSv1>false</requireTLSv1>
<requireTLSv1_1>false</requireTLSv1_1>
<requireTLSv1_2>false</requireTLSv1_2>
<requireTLSv1_3>true</requireTLSv1_3>
<verificationMode>relaxed</verificationMode>
</server>
<client> <!-- Used for connecting to https dictionary source and secured Zookeeper communication -->
<cacheSessions>false</cacheSessions>
<disableProtocols>sslv2,sslv3,tlsv1,tlsv1_1,tlsv1_2</disableProtocols>
<loadDefaultCAFile>true</loadDefaultCAFile>
<preferServerCiphers>true</preferServerCiphers>
<requireTLSv1>false</requireTLSv1>
<requireTLSv1_1>false</requireTLSv1_1>
<requireTLSv1_2>false</requireTLSv1_2>
<requireTLSv1_3>true</requireTLSv1_3>
<verificationMode>relaxed</verificationMode>
</client>
</openSSL>
</clickhouse>
Reference in New Issue View Git Blame Copy Permalink