watt.net.
watt.net.clientKeepaliveAgingLimit
Specifies how long a socket is kept alive, measured in seconds. Before returning a socket to the pool, Integration Server compares the age of the socket connection against the value of the watt.net.clientKeepaliveAgingLimit. If the socket is older than the watt.net.clientKeepaliveAgingLimit value, then Integration Server does not return the socket to the pool. Instead, Integration Servercloses the socket. When another socket connection is needed, Integration Server will create it. If the socket age is less than the watt.net.clientKeepaliveAgingLimit value, then Integration Server returns the socket to the connection pool. The default is 180 seconds.
Note:
Even if the connection age is less than the watt.net.clientKeepaliveAgingLimit parameter, Integration Server will close the connection if the connection has exceeded the usage limit set by the watt.net.clientKeepaliveUsageLimit server configuration parameter.
Note:
The watt.net.clientKeepaliveAgingLimit parameter applies only if watt.net.maxClientKeepaliveConns is set to a value greater than 0.
Important:
If you change the setting of this parameter, you must restart Integration Server for the changes to take effect.
watt.net.clientKeepaliveTimeout
Controls how long (in seconds) a client keep alive connection can remain idle before Integration Server closes it. The default is 180 seconds (3 minutes).
watt.net.clientKeepaliveUsageLimit
Specifies the maximum number of usages for a socket in a client connection pool. Before returning a socket to the pool, Integration Server compares the number of times the socket has been used to send a request to the watt.net.clientKeepaliveUsageLimit value. If the socket usage count is greater than the watt.net.clientKeepaliveUsageLimit value, then Integration Server does not return the socket to the pool. Instead, Integration Server closes the socket. If a new socket is needed in the pool, Integration Server creates one. The default value is 100 uses.
Note:
Even if the number of connection usages is less than the watt.net.clientKeepaliveUsageLimit parameter, Integration Server will close the connection if the connection has exceeded the age limit set by the watt.net.clientKeepaliveAgingLimit server configuration parameter.
Note:
The watt.net.clientKeepaliveUsageLimit parameter applies only if watt.net.maxClientKeepaliveConns is set to a value greater than 0.
Important:
If you change the setting of this parameter, you must restart Integration Server for the changes to take effect.
watt.net.default.accept
Specifies the default value of the Accept header when an Accept header is not present in the headers input parameter to the pub.client:http service. If watt.net.default.accept does not have a value and no Accept header is present in the headers parameter, the pub.client:http service does not include an Accept header in the requests it sends. By default, the watt.net.default.accept parameter does not have a value.
watt.net.email.validateHost
Controls whether the Integration Server enforces IP access restrictions for e-mail listeners. When defining an e-mail port, you can define IP access restrictions that specify the hosts that are allowed or denied access via the e-mail port. Set this property to true if you want server to enforce the IP access restrictions for e-mail listeners or false if you do not. The default is true.
watt.net.encodeToUpperCase
Specifies whether Integration Server should use uppercase letters when encoding the characters in the request URL. When Integration Server processes a URL request, it converts the characters outside of the ASCII set in the URL to encoded characters by adding "%" followed by two hexadecimal digits. If this parameter is set to true, Integration Server uses uppercase letters in the hexadecimal digits. For example, the encoded value for "value1>4" will be "value1%3E4". When set to false, Integration Server does not convert the letters to uppercase. For example, the encoded value for "value1>4" will be "value1%3e4". Default is true.
Important:
If you change the setting of this parameter, you must restart Integration Server for the changes to take effect.
watt.net.ftp.ignoreErrors
Specifies, using a comma-separated list, any FTP command error codes that you want the FTP client to ignore. For example, setting the property to "501, 505" causes the FTP client to ignore error codes 501 and 505.
watt.net.ftp.noExtensionKey
Specifies the extension Integration Server should use to determine the MIME type of the input files when the files have no extension. When invoking an Integration Server service through FTP commands, Integration Server uses the specified extension. The default is ftp_no_extension, which means that Integration Server cannot determine the MIME type because there is no extension.
watt.net.ftp.securitychecks
Specifies whether or not Integration Server performs FTP security checks when FTP clients access the Integration Server FTP port. Set this property to true if you want Integration Server to perform FTP-related security checks. Set this property to false if you do not want Integration Server to perform any FTP-related security checks. The default is true.
watt.net.ftpClientDataConnTimeout
Specifies the number of milliseconds that a built-in FTP service executing in active mode (as specified by the transfertype input parameter) waits for a remote FTP server to connect to it. If the connection is not established in the specified amount of time, an exception is thrown. The default value is 30000 milliseconds (30 seconds).
watt.net.ftpClientTimeout
Specifies the length of time, measured in seconds, an FTP session can be idle before it is removed from memory. The default is 600 seconds (10 minutes).
watt.net.ftpConnTimeout
Specifies the maximum number of milliseconds the FTP listener allows the connection with the client to remain inactive. The default is 15 minutes.
watt.net.ftpDataConn
Specifies whether an Integration Server functioning as an FTP server allows multiple concurrent connections and supports parallel downloads. When this parameter is set to true, Integration Server allows parallel downloads and reuses the same FTP session. When this parameter is set to false, Integration Server does not allow parallel downloads and reuses the same FTP session. The default is false.
Important:
If you change the setting of this parameter, you must restart Integration Server for the changes to take effect.
watt.net.ftpDataConnTimeout
Specifies the maximum number of milliseconds the FTP listener waits between successive reads when performing a file upload. The default is 60000 milliseconds (60 seconds).
watt.net.ftpPassiveLocalAddr
Specifies the address to be sent by the PORT command. A host name or IP address can be specified.
Note:
This parameter is not applicable when an FTP/FTPS port is bound to an IPv6 address. In that case, the passive mode listen address is the same as the port bind address.
When running in passive mode, the FTP or FTPS port sends a PORT command to the FTP or FTPS client. The PORT command specifies the address and port to which the client should connect to create a data connection. If the FTP or FTPS port is behind a NAT server, however, the address of the host on which the Integration Server runs is not visible to the FTP or FTPS client. Consequently the PORT command does not contain the information the client needs to connect to the server. To remedy this situation, you can specify a value for the watt.net.ftpPassiveLocalAddr property.
Alternatively, when you configure an FTP or FTPS port (see
Adding an FTP Port or
Adding an FTPS Port), you can use the
Passive Mode Listen Address field to specify the passive mode address for an individual FTP or FTPS port. That way, you can specify a different passive mode address for each FTP port. If an address is specified in the
Passive Mode Listen Address field and in the watt.net.ftpPassiveLocalAddr property, the PORT command uses the value specified in the watt.net.ftpPassiveLocalAddr property.
watt.net.ftpPassivePort.max
Specifies the maximum port number of a port range for FTP/FTPS listeners to use with a client data connection that uses passive transfer mode (PASV). Must be used with watt.ftpPassivePort.min. For usage information, see watt.ftpPassivePort.min.
watt.net.ftpPassivePort.min
Specifies the minimum port number of a port range for FTP/FTPS listeners to use with a client data connection that uses passive transfer mode (PASV). Must be used with watt.ftpPassivePort.max. When a port range is specified with these properties, only the ports within the specified minimum and maximum port range (inclusive) are used as the listening ports for incoming FTP/FTPS client data connections. This enables a firewall administrator to open only the specified ports.
Operational considerations:
If both properties are not present or undefined, FTP/FTPS listeners continue the previous behavior of listening on any free port.
If the value specified for watt.net.ftpPassivePort.min is less than 1, a default value of 1 is used. If the value specified for watt.net.ftpPassivePort.max is greater than 65534, a default value of 65534 is used. When both of these conditions exist simultaneously, FTP/FTPS listeners continue the previous behavior of listening on any free port.
An error message is returned to the FTP/FTPS client on the command channel when the specified values do not fall within the expected range. For example, if one of the properties is not defined, if the watt.net.ftpPassivePort.min value is larger than the watt.net.ftpPassivePort.max value, or if one of the properties is not a valid number.
An error message is also returned when all the ports in the specified port range are in use.
Specific details of the error messages are available in the serverYYYYMMDD.log file.
Restarting the Integration Server is not required after defining these settings. You can modify the port range properties in the Integration Server Administrator at any time.
watt.net.ftpSweepInterval
Specifies the frequency, measured in seconds, at which an FTP sweeper executes. The FTP sweeper iterates through the FTP sessions in memory and removes the sessions that have exceeded their allotted idle timeout. By default, the FTP sweeper executes every 600 seconds (10 minutes).
watt.net.ftpUseCertMap
Specifies whether the Integration Server will honor certificate maps for requests received by FTPS ports.
When this property is set to false (the default), the Integration Server ignores the user specified on a client certificate and logs the user in with the information provided on the userid/password prompt instead.
When this property is set to true, if the client certificate has been previously mapped to an Integration Server user, the Integration Server will log the user in as the userid specified in the client certificate. The Integration Server ignores the userid provided on the userid/password prompt.
For example, suppose watt.net.ftpUseCertMap is set to false, and a certificate has been previously mapped to user Alice. When a user provides a certificate for user Alice and enters Alice's user name and password in response to the prompt, the Integration Server will log the user in as Alice. However, if the user provides the same certificate, but provides Bob's user name and password in response to the prompt, the Integration Server will log the user in as Bob. In other words, the Integration Server ignores the certificate map.
Note:
The
None,
Request Certificate, and
Require Certificate client authentication settings on the FTPS Listener Configuration page control whether the
Integration Server asks for a certificate and how the
Integration Server behaves when it does
not receive one. The watt.net.ftpUseCertMap property controls how the
Integration Server behaves when it
does receive a certificate from an FTP client. For more information about client authentication at FTPS and HTTPS ports, see
Client Certificate Authentication. For more information about certificate mapping, see
Importing a Client Certificate and
Mapping It to a User.
watt.net.ftpUseDefaultContentHdlr
Specifies how the FTP listening port on Integration Server should handle an incoming request with an unrecognized file extension. When set to true, the FTP listening port processes the incoming request using the default content handler, which treats the content as text/html. When set to false, the FTP listening port returns an exception when an incoming request with an unrecognized file extension is received. The default is true.
watt.net.http.clientSession.idleTimeout
Specifies how many milliseconds a newly created outbound HTTP/S session can be idle before the session times out and can be removed by the session sweeper. A lower idle timeout for a session allows Integration Server to more quickly remove a session that is not likely to be reused. The default value is 20,000 ms (i.e., 20 seconds). Outbound HTTP/S sessions have the name "(httpclient)".
watt.net.http.followRedirect
Specifies whether Integration Server automatically follows redirection when an outbound HTTP request receives a response code is between 300 and 400. Set to true for outbound requests to follow the redirect. Set to false for outbound requests to not follow the redirect and instead return the response code and all the response headers from the original outbound request. The default is true.
The watt.net.http.followRedirect behavior can be over-ridden on a case-by-case basis by the followRedirect input parameter for the pub.client:http service.
watt.net.http.redirect.performSSRFcheck
Specifies whether Integration Server performs an IP address and protocol check to prevent Server-Side Request Forgery (SSRF) when following a redirection request.
When set to true, when handling an outbound request for which redirection requests can be followed, Integration Server performs the following two checks to prevent SSRF.
The redirected URL must use the http or https protocol.
Integration Server denies redirection for any other protocol.
The IP address of the redirected URL cannot be a private address.
If the redirected URL specifies a protocol other than HTTP or HTTPS and/or specifies a private IP address, Integration Server returns a generic error to the caller of the outbound service and logs error messages about SSRF check and the reason for denial.
When set to false, Integration Server does not perform any SSRF checks before following a redirection.
The default is false.
watt.net.httpChunkSize
Sets the default chunk size when sending an HTTP request or response using Transfer-Encoding:Chunked. The default chunk size is 8192 bytes. The minimum chunk size is 500 bytes.
Important:
If you change the setting of this parameter, you must restart Integration Server for the changes to take effect.
watt.net.httpPass
The default HTTP password that Integration Server must use when invoking a service as a client.
watt.net.httpUser
Specifies the default authenticated HTTP user name that Integration Server will use while acting as a client to invoke a service. For example, if Integration Server is invoking the pub.client:http service without specifying the auth/user parameter, then Integration Server uses the value of this property as the user name. There is no default value.
watt.net.http401.throwException
Specifies whether the pub.client:http service throws a NetException when receiving a 401 error response or, instead, places the HTTP response header and body in the pipeline. When watt.net.http401.throwException is set to true, when the pub.client:http service receives a 401 error, the service throws a NetException. When watt.net.http401.throwException is set to false, when the pub.client:http service receives a 401 error, the service suppresses the NetException and places the HTTP response header and body, if one exists, into the header and body fields in the service output. The default is true.
watt.net.http501-599.throwException
Specifies whether the pub.client:http service throws a ServiceException or returns response headers and response body when receiving a 501 to 599 level response from a remote HTTP server. When set to true, the pub.client:http service throws a ServiceException when it receives a 501 to 599 level response from a remote HTTP server. When set to false, the pub.client:http service does not throw a ServiceException when it receives a 501 to 599 level response from a remote HTTP server. Instead, when the pub.client:http service returns a status code in the 501 to 599 range, the service returns the status code, response headers, and response body in the service output. The default is true.
Note:
When the remote HTTP server returns a response code of 500, the pub.client:http service returns the status code, response headers, and response body.
watt.net.jsse.client.disabledProtocols
Specifies the list of disabled SSL and TLS protocol versions when Integration Server acts as an SSL client making outbound requests. The default disabled protocols are: SSLv2Hello,SSLv3,TLSv1,TLSv1.1.
Changes to this parameter take effect the next time an outbound connection is created.
The value of the watt.net.jsse.client.disabledProtocols property affects all outbound connections from Integration Server that use JSSE for SSL.
watt.net.jsse.client.enabledCipherSuiteList
Specifies, using a comma-separated list or a file, the cipher suites used on JSSE sockets that are used while making outbound HTTPS or FTPS requests. To include all the cipher suites supported by the JVM, set this parameter to default.
For example:
watt.net.jsse.client.enabledCipherSuiteList= TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_ CBC_SHA384,TLS_RSA_WITH_AES_256_CBC_SHA256
watt.net.jsse.client.enabledCipherSuiteList=default
The default values is default.
You can set the value of this parameter to a comma-separated list, default, or the absolute path to a file. You cannot specify a combination of these. For information about specifying a file as the value for this parameter, see
Specifying Cipher Suites for Use
with SSL.
Note:
The value of the watt.net.jsse.client.enabledCipherSuiteList property affects all HTTPS, FTPS, and E-mail ports; and SMTP outbound connections of Integration Server that use JSSE for SSL.
Note:
Any changes you make to watt.net.jsse.client.enabledCipherSuiteList affect new connections only.
watt.net.jsse.server.disabledProtocols
Specifies the list of disabled SSL and TLS protocol versions when Integration Server acts as SSL the server handling inbound requests. The default disabled protocols are: SSLv2Hello,SSLv3,TLSv1,TLSv1.1.
Changes to this property take effect for a port after you restart the port. You can restart a port by disabling and then enabling the port. Additionally, Integration Server starts each enabled port upon startup.
Note:
To prevent a protocol downgrade during negotiation, set watt.net.jsse.server.disabledProtocols to disable all protocol versions except one or two protocols that are TLSv1.2 and higher.
Note:
You can disable protocols on a per port basis. The protocols disabled per port supersede those set in the watt.net.jssse.server.disabledProtocols parameter. For more information about disabling protocols for a particular port, see
Disabling Protocols for JSSE per Port.
watt.net.jsse.server.enabledCipherSuiteList
Specifies, using a comma-separated list or file, the cipher suites used on Integration Server ports that use JSSE and handle inbound requests.
To include all the cipher suites supported by the JVM, set this parameter to default.
For example:
watt.net.jsse.server.enabledCipherSuiteList= TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_ 256_CBC_SHA384,TLS_RSA_WITH_AES_256_CBC_SHA256
watt.net.jsse.server.enabledCipherSuiteList=default
The default value is default.
You can set the value of this parameter to a comma-separated list, default, or the absolute path to a file. You cannot specify a combination of these. For information about specifying a file as the value for this parameter, see
Specifying Cipher Suites for Use
with SSL.
Important:
For changes to this property to take effect, you must start the port. If the port is already started, you can restart it by disabling the port and then enabling it.
watt.net.jsse.server.SSLSessionTimeout
Specifies the amount of time in seconds for which Integration Server waits before timing out and removing an SSL session from the SSL cache. The value of watt.net.jsse.server.SSLSessionTimeout must be greater than or equal to 0. If the value is set to 0, then the SSL session will never time out. By default this parameter is empty, which indicates that Integration Server follows the default caching behavior that is supported by JSSE.
Note:
This server configuration parameter is only applicable for ports using JSSE.
If you change the setting of this parameter, you must restart Integration Server for the changes to take effect.
watt.net.jsse.server.useCipherSuitesOrder
Specifies whether the local cipher suites preference should be honored by Integration Server during the SSL/TLS handshake when Integration Server acts as the SSL/TLS server and uses JSSE. When set to true, Integration Server uses the cipher suites set in watt.net.jsse.server.enabledCipherSuiteList during the SSL/TLS handshake. If watt.net.jsse.server.enabledCipherSuiteList is set to "default" or is empty, then Integration Server ignores this parameter. When set to false, Integration Server ignores the order of cipher suites. The default value of this parameter is false.
Important:
For changes to this property to take effect, you must start the port. If the port is already started, you can restart it by disabling the port and then enabling it.
watt.net.localhost
Sets the host name of the machine from which you are using the Integration Server. There is no default.
In some instances, such as when the Integration Server needs to identify itself to other Integration Servers, the IP address of the machine hosting Integration Server is required. In this case, Integration Server performs a reverse DNS lookup on the specified host name and supplies the IP address of the machine in place of the loopback address (127.0.0.1 in IPv4 or ::1 in IPv6), which is sometimes returned by java.net.InetAddress.getLocalHost() in place of the actual IP address. In many cases, the loopback address is not sufficient and Integration Server needs the actual address. This most commonly occurs when the IP address of the host is acquired dynamically from a DHCP server, or when the host has more than one network interface card.
In most cases, you can resolve the IP address by modifying the C:\Windows\system32\drivers\etc file (in Windows) or the etc/hosts or the etc/nsswitch.conf files (in Linux and Unix). When you cannot modify these files, or if modifying them does not correct the problem, set watt.net.localhost.
Important:
If you change the setting of this parameter, you must restart Integration Server for the changes to take effect.
watt.net.maxClientKeepaliveConns
Sets the default number of client keep alive connections to retain for a given target endpoint. The default is 0, which indicates that Integration Server does not retain client keep alive connections for a target endpoint. Integration Server creates a new socket for each request.
Software AG recommends setting watt.net.maxClientKeepaliveConns to 0. Setting the property to a value higher than 0 may be beneficial in situations where the frequency and number of concurrent requests to a given target endpoint are high. In situations where this is not the case, idle sockets will become stale and inoperable, resulting in unexpected exceptions such as the following:
[ISC.0077.9998E] Exception --> org.apache.axis2.AxisFault: Broken pipe
watt.net.maxRedirects
Specifies the maximum number of HTTP redirects to allow before throwing an I/O exception. The default is 5.
watt.net.maxRetries
Specifies the maximum number of retry attempts Integration Server can make for a failed socket connection. The default is 1. A value of 0 indicates that Integration Server should not retry a failed socket connection.
watt.net.overrideSystemProxyselector
Specifies whether the proxy selector of Integration Server will override the default JVM system proxy selector when a Java service tries to connect to a remote server. When this property is set to true, all network connections will honor the proxy aliases configured using Integration Server Administrator. When this property is set to false, the default JVM system proxy selector will be used. The default is false.
Important:
If you change the setting of this parameter, you must restart Integration Server for the changes to take effect.
watt.net.primaryListener
This is an internal property. Do not modify.
watt.net.proxySkipList
Specifies a comma-separated list of domain names for which the Integration Server should not use proxy servers. The default is localhost.
watt.net.proxy.fallbackToDirectConnection
Specifies whether Integration Server should route HTTP, HTTPS, FTP, SFTP, and SOCKS requests directly to the target server when connections through all of the specified proxy server aliases for the requested protocol fail. For example, if the request uses HTTP, Integration Server routes the request through an HTTP proxy server alias. If this property is set to false and the connection to the destination server through proxy aliases fails, Integration Server issues an exception. If this property is set to true, Integration Server attempts to make a direct connection with the destination server specified in the request. The default is true.
Note:
If there are no proxy server aliases defined for
Integration Server, the value of watt.net.proxy.fallbackToDirectConnection is ignored. For information about proxy server aliases, see
Specifying a Default Proxy Server
Alias.
watt.net.proxy.useNonDefaultProxies
Specifies whether Integration Server makes outbound connection requests using all enabled proxy server aliases if the outbound request does not specify a proxy server alias and if a default proxy server alias is not specified. When the watt.net.proxy.useNonDefaultProxies parameter is set to true, if the outbound request does not specify a proxy server alias and there is no default proxy server alias, Integration Server makes outbound requests using each enabled proxy server alias until the request is sent successfully or all proxy servers have been tried. If all proxy servers have been tried and the attempt to send the request fails or if there are no proxy aliases specified, Integration Server either makes a direct connection to the target server or throws an exception depending on the settings specified for the watt.net.proxy.fallbackToDirectConnection parameter. When the watt.net.proxy.useNonDefaultProxies parameter is set to false, if a default proxy server alias is not specified, Integration Server sends the request to the remote server using a direct connection. Integration Server does not attempt to make outbound requests using the enabled proxy server aliases. The default is true.
watt.net.retries
Specifies the number of times to retry a server that times out. This can be overridden by the client. The default is 0.
watt.net.sftpSweepInterval
Specifies the frequency, measured in minutes, at which an SFTP sweeper executes. The SFTP sweeper iterates through the SFTP sessions in memory and removes the sessions that have exceeded their allotted idle timeout. By default, the SFTP sweeper executes every 10 minutes.
watt.net.socketpool.sweeperInterval
Specifies the frequency, in seconds, at which the socket pool sweeper executes. The socket pool sweeper sends a ping request to all webMethods Enterprise Gateway connections and HTTP client connections. During a sweep it removes any invalid HTTP client connections. By default, the sweeper executes every 60 seconds.
Note:
The value of watt.net.socketpool.sweeperInterval should be less than the value of the watt.server.rg.internalregistration.timeout server configuration parameter.
Note:
On your Enterprise Gateway, if watt.server.rg.gateway.pinginterval is set, Integration Server uses that setting and ignores the value of watt.net.socketpool.sweeperInterval.
watt.net.socketProvider
Identifies the Java class that implements the com.wm.net.SocketProviderIf interface for secure socket communication. The default is com.wm.ext.iaik.IaikSecureSocket.
watt.net.ssl.client.cipherSuiteList
Specifies a list of cipher suites for outbound SSL connections when JSSE is not used. When the default value is set to default, Integration Server uses its default list of cipher suites. If you want to specify non-default cipher suites, enter a comma-separated list of cipher suite names. If the property watt.net.ssl.client.strongcipheronly is set to true, and if there are any non-strong cipher suites in the list specified, those will be ignored, and a warning message will be logged.
You can set the value of this parameter to a comma-separated list, default, or the absolute path to a file. You cannot specify a combination of these. For information about specifying a file as the value for this parameter, see
Specifying Cipher Suites for Use
with SSL.
Important:
If you change the setting of this parameter, you must restart Integration Server for the changes to take effect.
watt.net.ssl.client.handshake.maxVersion
Specifies the maximum SSL protocol version that Integration Server supports when Integration Server acts as a client and makes an outbound request and does not use JSSE. For example, if set to tls (the default), the maximum version of SSL protocol supported by Integration Server is TLS 1.0. If set to sslv3, the maximum version of SSL protocol supported by Integration Server is SSL 3.0.
Important:
If you change the setting of this parameter, you must restart Integration Server for the changes to take effect.
watt.net.ssl.client.handshake.minVersion
Specifies the minimum version of SSL protocol Integration Server supports when Integration Server acts as a client and makes an outbound request and does not use JSSE. Set to:
sslv2 (the default) to specify SSL 2.0
tls to specify TLS 1.0
sslv3 to specify SSL 3.0
Important:
If you change the setting of this parameter, you must restart Integration Server for the changes to take effect.
watt.net.ssl.client.hostnameverification
When Integration Server is acting as an HTTPS client, this parameter specifies whether Integration Server should restrict outbound HTTPS connections only when a valid hostname is found in the server’s certificate.
When set to
true,
Integration Server verifies if the hostname is present in the server’s certificate. If this verification fails, an error is logged and the connection is aborted.
When set to
false,
Integration Server will bypass the hostname verification. This is the default.
When set to
log,
Integration Server logs the debug message in the server log if the hostname verification fails, but allows the connection to go through. If the hostname verification succeeds, no log is generated.
watt.net.ssl.client.strongcipheronly
Specifies whether the Integration Server is to restrict outbound HTTPS connections to use strong cipher suites only (128 bit session keys or higher). If you specify false (the default), when Integration Server initiates a connection to another server, it will attempt to negotiate a strong cipher suite, and if unsuccessful will fall back to using a weak (64, 56, or 40 bit) cipher suite. If you specify true, when Integration Server initiates a connection to another server, it will attempt to negotiate a strong cipher suite, and if unsuccessful will disconnect rather than use a weak cipher suite.
Important:
If you change the setting of this parameter, you must restart Integration Server for the changes to take effect.
watt.net.ssl.client.ftps.useJSSE
Controls the use of JSSE for all of the outbound FTPS connections from Integration Server. Set this parameter to true to use JSSE for all of the outbound FTPS connections. Set this property to false to indicate that JSSE is not used for outbound FTPS connections. The default is false.
Note:
When executing the pub.client:ftp service or the pub.client.ftp:login service, the value of the useJSSE input parameter overrides the value of the watt.net.ssl.client.ftps.useJSSE server configuration parameter.
watt.net.ssl.client.useJSSE
Controls the use of JSSE for all of the outbound HTTPS connections from Integration Server. Set this parameter to true to use JSSE for all of the outbound HTTPS connections. Set this property to false to indicate that JSSE is not used for outbound HTTPS connections. The default is true.
Note:
When executing the pub.client:http service or the pub.client:soapClient service, the value of the useJSSE input parameter overrides the value of the watt.net.ssl.client.useJSSE server configuration parameter.
watt.net.ssl.email.client.useJSSE
Controls the use of JSSE for all email notifications about resources in Integration Server. Set this parameter to true to use JSSE for all resource notifications. Otherwise, set it to false. The default value is true.
watt.net.ssl.email.client.smtp.useJSSE
Controls the use of JSSE for all the outbound SMTP connections from Integration Server. Set this parameter to true to use JSSE for all of the outbound SMTP connections. Otherwise, set it to false. The default value is false.
Note:
When running the pub.client:smtp service, the value of the useJSSE input parameter of the service is used instead of this parameter. However, if the useJSSE input parameter of the pub.client:smtp service is empty, then this parameter is considered.
watt.net.ssl.randomAlgorithm
Identifies the random algorithm name used by Integration Server. The default value is FIPS186_2usingSHA1.
Note:
This parameter is for use only when Integration Server is installed on HP-UX.
Important:
If you change the setting of this parameter, you must restart Integration Server for the changes to take effect.
watt.net.ssl.server.cipherSuiteList
Specifies a list of cipher suites for inbound SSL connections when JSSE is not used. When the default value is set to default, Integration Server uses its default list of cipher suites. If you want to specify non-default cipher suites, enter a comma-separated list of cipher suite names. If the property watt.net.ssl.server.strongcipheronly is set to true, and if there are any non-strong cipher suites in the list, those will be ignored and a warning message will be logged.
You can set the value of this parameter to a comma-separated list, default, or the absolute path to a file. You cannot specify a combination of these. For information about specifying a file as the value for this parameter, see
Specifying Cipher Suites for Use
with SSL.
Important:
If you change the setting of this parameter, you must restart any impacted ports for the changes to take effect. To restart a port, you can disable and then enable the port. Reloading the package associated with the port or restarting Integration Server also restarts a port.
watt.net.ssl.server.clientHandshakeTimeout
Specifies the number of milliseconds that Integration Server waits for a response during an SSL handshake before timing out. Integration Server uses this value for inbound and outbound requests. The default is 20000 milliseconds.
watt.net.ssl.server.handshake.maxVersion
Specifies the maximum version of the SSL protocol that Integration Server supports when acting as the server handling inbound requests. Set to:
sslv3 to specify SSL 3.0
tls to specify TLS 1.0
The default is tls.
The value of watt.net.ssl.server.handshake.maxVersion affects all HTTPS ports that use Entrust toolkit for SSL. An HTTPS port uses Entrust when the Use JSSE parameter for the port is set to No.
Important:
If you change the setting of this parameter, you must restart Integration Server for the changes to take effect.
watt.net.ssl.server.handshake.minVersion
Specifies the minimum version of the SSL protocol that Integration Server supports when acting as the server handling inbound requests. Set to:
sslv3 to specify SSL 3.0
tls to specify TLS 1.0.
The default is tls.
The value of watt.net.ssl.server.handshake.minVersion affects all HTTPS ports that use Entrust toolkit for SSL. An HTTPS port uses Entrust when the Use JSSE parameter for the port is set to No.
Important:
If you change the setting of this parameter, you must restart Integration Server for the changes to take effect.
watt.net.ssl.server.sessionlog
Specifies whether Integration Server logs the SSL session information for inbound connections. When this parameter is set to true, Integration Server logs the SSL session in a separate inboundSSLSessions.log file for Entrust and JSSE security providers. Integration Server creates the inboundSSLSessions.log file under Integration Server_directory \instances\instance_name\logs directory. SSL session information is logged in JSON format. When this parameter is set to false, Integration Server does not log the SSL session information. The default value is false.
watt.net.ssl.server.sessionlog.maxFileSize
Specifies the maximum size of the inboundSSLSessions.log file in megabytes (MB). When the file reaches the maximum size, Integration Server renames the file to inboundSSLSessions_<DATE(YYYYMMDD)>_TIME(HHMMSS).log and creates a new inboundSSLSessions.log file. Specify an integer greater than 0 ( zero). If you specify a value less than or equal to zero, then Integration Server uses the default value. The default value is 10.
Important:
If you change the setting of this parameter, you must restart Integration Server for the changes to take effect.
watt.net.ssl.server.sessionlog.cacheLogEntries
Specifies whether Integration Server tracks the SSL session log entries in cache. If this parameter is set to true, Integration Server does not log the SSL session information for entries that already exist in the cache. This eliminates duplicate entries in the log file. Default value is false.
Important:
If you change the setting of this parameter, you must restart Integration Server for the changes to take effect.
watt.net.ssl.server.sessionlog.cachedLogEntries.expiryTime
Specifies, in seconds, how often Integration Server checks for and removes the expired SSL session log entries from cache. If a client reuses a session for which Integration Server has removed the log entry, then Integration Server logs the session information again for that session. Specify an integer greater than 0 ( zero). If you specify a value less than or equal to zero, then Integration Server uses the default value. The default is 300 seconds.
Integration Server uses a sweeper task called SSL Session Log Entries Sweeper to remove the expired sessions.
Important:
If you change the setting of this parameter, you must restart Integration Server for the changes to take effect.
watt.net.ssl.server.sessionlog.file
Specifies either an absolute or relative path to the file to which Integration Server writes the SSL session information. Relative path is relative to the Integration Server home directory: Integration Server_directory \instances\instance_name. You must specify a path with a valid directory name and filename. The default is: Integration Server_directory \instances\instance_name\logs\inboundSSLSessions.log.
Note:
If you do not provide a valid path, then Integration Server uses the default path and file name: Integration Server_directory \instances\instance_name\logs\inboundSSLSessions.log.
If you specify a path that points to a network location, when the location is inaccessible to log the session details, Integration Server logs the SSL session information to the console till the location becomes accessible. Additionally, if Integration Server faces a connection problem while logging the session details, then the log file may contain null or invalid characters.
Important:
If you change the setting of this parameter, you must restart Integration Server for the changes to take effect.
watt.net.ssl.server.sessionlog.prettyPrint
Specifies whether the SSL session log entry is formatted with carriage returns and indentation to make the SSL session log easier to read. If this parameter is set to true, Integration Server formats JSON with carriage returns and indentation to ease readability. The default is false.
Important:
If you change the setting of this parameter, you must restart Integration Server for the changes to take effect.
watt.net.ssl.server.sessionlog.includeTimestamp
Specifies whether Integration Server includes a timestamp in the SSL session log entries. If this parameter is set to true, log entry begins with a timestamp. The default is false.
Example:
If this parameter is set to true, then the log entry starts with a timestamp:2019-07-03 10:37:24 IST {"provider":"JSSE","loggedInUser":"Administrator"…..}. If this parameter is set to false, then the log entry does not contain a timestamp:{"provider":"JSSE","loggedInUser":"Administrator"…..}
Important:
If you change the setting of this parameter, you must restart Integration Server for the changes to take effect.
watt.net.ssl.server.strongcipheronly
Specifies whether the Integration Server is to restrict inbound HTTPS connections to use strong cipher suites only (128 bit session keys or higher). If you specify false (the default), when a client connects to the Integration Server, the server will attempt to negotiate a strong cipher suite, and if unsuccessful will fall back to using a weak (64, 56, or 40 bit) cipher suite. If you specify true, when a client connects to the Integration Server, the server will attempt to negotiate a strong cipher suite, and if unsuccessful will disconnect rather than use a weak cipher suite.
Important:
If you change the setting of this parameter, you must restart any impacted ports for the changes to take effect. To restart a port, you can disable and then enable the port. Reloading the package associated with the port or restarting Integration Server also restarts a port.
watt.net.timeout
Specifies the number of seconds the server waits for an HTTP request to be fulfilled before the request times out. To set Integration Server to wait indefinitely for a response from the target server, set this parameter to 0. The default is 300 (5 minutes).
Important:
If you set watt.net.timeout to 0 and the target server does not respond to the request, the Integration Server making the request cannot process new requests due to thread pool exhaustion.
watt.net.useCookies
Specifies whether Integration Server accepts or denies cookies when communicating with web server. Set to true to accept cookies; set to false (or null) to deny cookies. The default is true.
watt.net.userAgent
Specifies the value the server uses in the HTTP User Agent request header when it requests a web document from a web server. The default is Mozilla/4.0 [en] (WinNT; I).