tlshd.conf(5)                 File Formats Manual                tlshd.conf(5)

NAME

       tlshd.conf - tlshd configuration file

SYNOPSIS

       /etc/tlshd.conf

DESCRIPTION

       The tlshd program implements a user agent that services TLS handshake
       requests on behalf of kernel TLS consumers.  Its configuration file
       contains information that the program reads when it starts up.  The
       file is designed to be human readable and contains a list of keywords
       with values that provide various types of information.  The
       configuration file is considered a trusted source of information.

       The tlshd program reads this file once when it is launched.  Thus
       changes made in this file take effect only when the tlshd program is
       restarted.  If this file does not exist, the tlshd program exits
       immediately.

OPTIONS

       The configuration file is split into sections.

       The [debug] section specifies debugging settings for the tlshd program.
       In this section, there are three available options:

       loglevel
              This option specifies an integer which indicates the debug
              message level.  Zero, the quietest setting, is the default.

       tls    This option specifies an integer which indicates the debug
              message level for TLS library calls.  Zero, the quietest
              setting, is the default.

       nl     This option specifies an integer which indicates the debug
              message level for netlink library calls.  Zero, the quietest
              setting, is the default.

       The [authentication] section specifies default authentication material
       when establishing TLS sessions.  In this section, there is one
       available option:

       keyrings
              This option specifies a semicolon-separated list of auxiliary
              keyrings that contain handshake authentication tokens.  tlshd
              links these keyrings into its session keyring.  The
              configuration file may specify either a keyring's name or
              serial number.  The default is to provide no keyring.

       This section also has two subsections: [client] and [server].  The
       tlshd program consults the settings in the [client] subsection when
       handling the client end of a handshake, and it consults the settings
       in the [server] subsection when handling the server end of a
       handshake.

       In each of these two subsections, there are three available options:

       x509.truststore
              This option specifies the pathname of a file containing a PEM-
              encoded trust store that is to be used to verify a certificate
              during a handshake.  If this option is not specified, tlshd uses
              the system's trust store.

       x509.certificate
              This option specifies the pathname of a file containing a PEM-
              encoded X.509 certificate that is to be presented during a
              handshake request when no other certificate is available.

       x509.private_key
              This option specifies the pathname of a file containing a PEM-
              encoded private key associated with the above certificate.

NOTES

       This software is a prototype.  Its purpose is for demonstration and as
       a proof-of-concept.  USE THIS SOFTWARE AT YOUR OWN RISK.

SEE ALSO

       tlshd(8)

AUTHOR

       Chuck Lever



                                  20 Oct 2022                    tlshd.conf(5)