Specifies how long a socket is kept alive, measured in seconds. Before returning a socket to the pool, Integration Server compares the age of the socket connection against the value of the watt.net.clientKeepaliveAgingLimit. If the socket is older than the watt.net.clientKeepaliveAgingLimit value, then Integration Server does not return the socket to the pool. Instead, Integration Servercloses the socket. When another socket connection is needed, Integration Server will create it. If the socket age is less than the watt.net.clientKeepaliveAgingLimit value, then Integration Server returns the socket to the connection pool. The default is 180 seconds.

Controls how long (in seconds) a client keep alive connection can remain idle before Integration Server closes it. The default is 180 seconds (3 minutes).

Specifies the maximum number of usages for a socket in a client connection pool. Before returning a socket to the pool, Integration Server compares the number of times the socket has been used to send a request to the watt.net.clientKeepaliveUsageLimit value. If the socket usage count is greater than the watt.net.clientKeepaliveUsageLimit value, then Integration Server does not return the socket to the pool. Instead, Integration Server closes the socket. If a new socket is needed in the pool, Integration Server creates one. The default value is 100 uses.

Specifies the default value of the Accept header when an Accept header is not present in the headers input parameter to the pub.client:http service. If watt.net.default.accept does not have a value and no Accept header is present in the headers parameter, the pub.client:http service does not include an Accept header in the requests it sends. By default, the watt.net.default.accept parameter does not have a value.

Controls whether the Integration Server enforces IP access restrictions for e-mail listeners. When defining an e-mail port, you can define IP access restrictions that specify the hosts that are allowed or denied access via the e-mail port. Set this property to true if you want server to enforce the IP access restrictions for e-mail listeners or false if you do not. The default is true.

Specifies whether Integration Server should use uppercase letters when encoding the characters in the request URL. When Integration Server processes a URL request, it converts the characters outside of the ASCII set in the URL to encoded characters by adding "%" followed by two hexadecimal digits. If this parameter is set to true, Integration Server uses uppercase letters in the hexadecimal digits. For example, the encoded value for "value1>4" will be "value1%3E4". When set to false, Integration Server does not convert the letters to uppercase. For example, the encoded value for "value1>4" will be "value1%3e4". Default is true.

Specifies, using a comma-separated list, any FTP command error codes that you want the FTP client to ignore. For example, setting the property to "501, 505" causes the FTP client to ignore error codes 501 and 505.

Specifies the extension Integration Server should use to determine the MIME type of the input files when the files have no extension. When invoking an Integration Server service through FTP commands, Integration Server uses the specified extension. The default is ftp_no_extension, which means that Integration Server cannot determine the MIME type because there is no extension.

Specifies the number of milliseconds that a built-in FTP service executing in active mode (as specified by the transfertype input parameter) waits for a remote FTP server to connect to it. If the connection is not established in the specified amount of time, an exception is thrown. The default value is 30000 milliseconds (30 seconds).

Specifies the length of time, measured in seconds, an FTP session can be idle before it is removed from memory. The default is 600 seconds (10 minutes).

Specifies the maximum number of milliseconds the FTP listener allows the connection with the client to remain inactive. The default is 15 minutes.

Specifies whether an Integration Server functioning as an FTP server allows multiple concurrent connections and supports parallel downloads. When this parameter is set to true, Integration Server allows parallel downloads and reuses the same FTP session. When this parameter is set to false, Integration Server does not allow parallel downloads and reuses the same FTP session. The default is false.

Specifies the maximum number of milliseconds the FTP listener waits between successive reads when performing a file upload. The default is 60000 milliseconds (60 seconds).

Specifies the address to be sent by the PORT command. A host name or IP address can be specified.

When running in passive mode, the FTP or FTPS port sends a PORT command to the FTP or FTPS client. The PORT command specifies the address and port to which the client should connect to create a data connection. If the FTP or FTPS port is behind a NAT server, however, the address of the host on which the Integration Server runs is not visible to the FTP or FTPS client. Consequently the PORT command does not contain the information the client needs to connect to the server. To remedy this situation, you can specify a value for the watt.net.ftpPassiveLocalAddr property.

Alternatively, when you configure an FTP or FTPS port (see Adding an FTP Port or Adding an FTPS Port), you can use the Passive Mode Listen Address field to specify the passive mode address for an individual FTP or FTPS port. That way, you can specify a different passive mode address for each FTP port. If an address is specified in the Passive Mode Listen Address field and in the watt.net.ftpPassiveLocalAddr property, the PORT command uses the value specified in the watt.net.ftpPassiveLocalAddr property.

Specifies the maximum port number of a port range for FTP/FTPS listeners to use with a client data connection that uses passive transfer mode (PASV). Must be used with watt.ftpPassivePort.min. For usage information, see watt.ftpPassivePort.min.

Specifies the minimum port number of a port range for FTP/FTPS listeners to use with a client data connection that uses passive transfer mode (PASV). Must be used with watt.ftpPassivePort.max. When a port range is specified with these properties, only the ports within the specified minimum and maximum port range (inclusive) are used as the listening ports for incoming FTP/FTPS client data connections. This enables a firewall administrator to open only the specified ports.

Operational considerations:

Restarting the Integration Server is not required after defining these settings. You can modify the port range properties in the Integration Server Administrator at any time.

Specifies the frequency, measured in seconds, at which an FTP sweeper executes. The FTP sweeper iterates through the FTP sessions in memory and removes the sessions that have exceeded their allotted idle timeout. By default, the FTP sweeper executes every 600 seconds (10 minutes).

Specifies whether the Integration Server will honor certificate maps for requests received by FTPS ports.

When this property is set to false (the default), the Integration Server ignores the user specified on a client certificate and logs the user in with the information provided on the userid/password prompt instead.

When this property is set to true, if the client certificate has been previously mapped to an Integration Server user, the Integration Server will log the user in as the userid specified in the client certificate. The Integration Server ignores the userid provided on the userid/password prompt.

For example, suppose watt.net.ftpUseCertMap is set to false, and a certificate has been previously mapped to user Alice. When a user provides a certificate for user Alice and enters Alice's user name and password in response to the prompt, the Integration Server will log the user in as Alice. However, if the user provides the same certificate, but provides Bob's user name and password in response to the prompt, the Integration Server will log the user in as Bob. In other words, the Integration Server ignores the certificate map.

Specifies how the FTP listening port on Integration Server should handle an incoming request with an unrecognized file extension. When set to true, the FTP listening port processes the incoming request using the default content handler, which treats the content as text/html. When set to false, the FTP listening port returns an exception when an incoming request with an unrecognized file extension is received. The default is true.

Sets the default chunk size when sending an HTTP request or response using Transfer-Encoding:Chunked. The default chunk size is 8192 bytes. The minimum chunk size is 500 bytes.

The default HTTP password that Integration Server must use when invoking a service as a client.

Specifies the default authenticated HTTP user name that Integration Server will use while acting as a client to invoke a service. For example, if Integration Server is invoking the pub.client:http service without specifying the auth/user parameter, then Integration Server uses the value of this property as the user name. There is no default value.

Specifies whether the pub.client:http service throws a NetException when receiving a 401 error response or, instead, places the HTTP response header and body in the pipeline. When watt.net.http401.throwException is set to true, when the pub.client:http service receives a 401 error, the service throws a NetException. When watt.net.http401.throwException is set to false, when the pub.client:http service receives a 401 error, the service suppresses the NetException and places the HTTP response header and body, if one exists, into the header and body fields in the service output. The default is true.

Specifies whether the pub.client:http service throws a ServiceException or returns response headers and response body when receiving a 501 to 599 level response from a remote HTTP server. When set to true, the pub.client:http service throws a ServiceException when it receives a 501 to 599 level response from a remote HTTP server. When set to false, the pub.client:http service does not throw a ServiceException when it receives a 501 to 599 level response from a remote HTTP server. Instead, when the pub.client:http service returns a status code in the 501 to 599 range, the service returns the status code, response headers, and response body in the service output. The default is true.

Specifies, using a comma-separated list or a file, the cipher suites used on JSSE sockets that are used while making outbound HTTPS or FTPS requests. To include all the cipher suites supported by the JVM, set this parameter to default.

For example:

The default values is default.

You can set the value of this parameter to a comma-separated list, default, or the absolute path to a file. You cannot specify a combination of these. For information about specifying a file as the value for this parameter, see Specifying Cipher Suites for Use with SSL.

Specifies the SSL and TLS protocol versions that Integration Server supports when acting as a client making outbound requests. Specify a comma-separated list that includes one or more of the following:

The default value is: TLSv1,TLSv1.1,TLSv1.2

Specifies, using a comma-separated list or file, the cipher suites used on Integration Server ports that use JSSE and handle inbound requests.

To include all the cipher suites supported by the JVM, set this parameter to default.

For example:

The default value is default.

You can set the value of this parameter to a comma-separated list, default, or the absolute path to a file. You cannot specify a combination of these. For information about specifying a file as the value for this parameter, see Specifying Cipher Suites for Use with SSL.

Specifies the SSL protocol versions that Integration Server supports when acting as a server handling inbound requests. Specify a comma-separated list that includes one or more of the following:

The default value is: SSLv2Hello,TLSv1,TLSv1.1,TLSv1.2

You can also configure the allowed protocols for use with a particular JSSE port by specifying the allowed protocols in the HTTPS and FTPS port records of the listeners.cnf file. For more information, see Configuring the Allowed Protocols for JSSE per Port.

Specifies the amount of time in seconds for which Integration Server waits before timing out and removing an SSL session from the SSL cache. The value of watt.net.jsse.server.SSLSessionTimeout must be greater than or equal to 0. If the value is set to 0, then the SSL session will never time out. By default this parameter is empty, which indicates that Integration Server follows the default caching behavior that is supported by JSSE.

If you change the setting of this parameter, you must restart Integration Server for the changes to take effect.

Specifies whether the local cipher suites preference should be honored by Integration Server during the SSL/TLS handshake when Integration Server acts as the SSL/TLS server and requires the use of JSSE. When set to true, Integration Server uses the cipher suites set in watt.net.jsse.server.enabledCipherSuiteList during the SSL/TLS handshake. If watt.net.jsse.server.enabledCipherSuiteList is set to "default" or is empty, then Integration Server ignores the "watt.net.jsse.server.setUseCipherSuitesOrder" property. When set to false, Integration Server ignores the order of cipher suites. The default value of “watt.net.jsse.server.setUseCipherSuitesOrder" is false.

Sets the host name of the machine from which you are using the Integration Server. There is no default.

In some instances, such as when the Integration Server needs to identify itself to other Integration Servers, the IP address of the machine hosting Integration Server is required. In this case, Integration Server performs a reverse DNS lookup on the specified host name and supplies the IP address of the machine in place of the loopback address (127.0.0.1 in IPv4 or ::1 in IPv6), which is sometimes returned by java.net.InetAddress.getLocalHost() in place of the actual IP address. In many cases, the loopback address is not sufficient and Integration Server needs the actual address. This most commonly occurs when the IP address of the host is acquired dynamically from a DHCP server, or when the host has more than one network interface card.

In most cases, you can resolve the IP address by modifying the C:\Windows\system32\drivers\etc file (in Windows) or the etc/hosts or the etc/nsswitch.conf files (in Linux and Unix). When you cannot modify these files, or if modifying them does not correct the problem, set watt.net.localhost.

Sets the default number of client keep alive connections to retain for a given target endpoint. The default is 0, which indicates that Integration Server does not retain client keep alive connections for a target endpoint. Integration Server creates a new socket for each request.

Software AG recommends setting watt.net.maxClientKeepaliveConns to 0. Setting the property to a value higher than 0 may be beneficial in situations where the frequency and number of concurrent requests to a given target endpoint are high. In situations where this is not the case, idle sockets will become stale and inoperable, resulting in unexpected exceptions such as the following:

Specifies the maximum number of HTTP redirects to allow before throwing an I/O exception. The default is 5.

Specifies the maximum number of retry attempts Integration Server can make for a failed socket connection. The default is 1. A value of 0 indicates that Integration Server should not retry a failed socket connection.

Specifies whether the proxy selector of Integration Server will override the default JVM system proxy selector when a Java service tries to connect to a remote server. When this property is set to true, all network connections will honor the proxy aliases configured using Integration Server Administrator. When this property is set to false, the default JVM system proxy selector will be used. The default is false.

This is an internal property. Do not modify.

Specifies a comma-separated list of domain names for which the Integration Server should not use proxy servers. The default is localhost.

Specifies whether Integration Server should route HTTP, HTTPS, FTP, SFTP, and SOCKS requests directly to the target server when connections through all of the specified proxy server aliases for the requested protocol fail. For example, if the request uses HTTP, Integration Server routes the request through an HTTP proxy server alias. If this property is set to false and the connection to the destination server through proxy aliases fails, Integration Server issues an exception. If this property is set to true, Integration Server attempts to make a direct connection with the destination server specified in the request. The default is true.

Specifies whether Integration Server makes outbound connection requests using all enabled proxy server aliases if the outbound request does not specify a proxy server alias and if a default proxy server alias is not specified. When the watt.net.proxy.useNonDefaultProxies parameter is set to true, if the outbound request does not specify a proxy server alias and there is no default proxy server alias, Integration Server makes outbound requests using each enabled proxy server alias until the request is sent successfully or all proxy servers have been tried. If all proxy servers have been tried and the attempt to send the request fails or if there are no proxy aliases specified, Integration Server either makes a direct connection to the target server or throws an exception depending on the settings specified for the watt.net.proxy.fallbackToDirectConnection parameter. When the watt.net.proxy.useNonDefaultProxies parameter is set to false, if a default proxy server alias is not specified, Integration Server sends the request to the remote server using a direct connection. Integration Server does not attempt to make outbound requests using the enabled proxy server aliases. The default is true.

For more information about how Integration Server uses proxy servers, see How Integration Server Uses Proxy Servers.

Specifies the number of times to retry a server that times out. This can be overridden by the client. The default is 0.

Specifies the frequency, measured in minutes, at which an SFTP sweeper executes. The SFTP sweeper iterates through the SFTP sessions in memory and removes the sessions that have exceeded their allotted idle timeout. By default, the SFTP sweeper executes every 10 minutes.

Specifies the frequency, in seconds, at which the socket pool sweeper executes. The socket pool sweeper sends a ping request to all webMethods Enterprise Gateway connections and HTTP client connections. During a sweep it removes any invalid HTTP client connections. By default, the sweeper executes every 60 seconds.

Identifies the Java class that implements the com.wm.net.SocketProviderIf interface for secure socket communication. The default is com.wm.ext.iaik.IaikSecureSocket.

Specifies a list of cipher suites for outbound SSL connections. When the default value is set to default, Integration Server uses its default list of cipher suites. If you want to specify non-default cipher suites, enter a comma-separated list of cipher suite names. If the property watt.net.ssl.client.strongcipheronly is set to true, and if there are any non-strong cipher suites in the list specified, those will be ignored, and a warning message will be logged.

You can set the value of this parameter to a comma-separated list, default, or the absolute path to a file. You cannot specify a combination of these. For information about specifying a file as the value for this parameter, see Specifying Cipher Suites for Use with SSL.

Specifies the maximum SSL protocol version that Integration Server supports when Integration Server acts as a client and makes an outbound request. For example, if set to tls (the default), the maximum version of SSL protocol supported by Integration Server is TLS 1.0. If set to sslv3, the maximum version of SSL protocol supported by Integration Server is SSL 3.0.

Specifies the minimum version of SSL protocol Integration Server supports when Integration Server acts as a client and makes an outbound request. Set to:

When Integration Server is acting as an HTTPS client, this parameter specifies whether Integration Server should restrict outbound HTTPS connections only when a valid hostname is found in the server’s certificate.

Specifies whether the Integration Server is to restrict outbound HTTPS connections to use strong cipher suites only (128 bit session keys or higher). If you specify false (the default), when Integration Server initiates a connection to another server, it will attempt to negotiate a strong cipher suite, and if unsuccessful will fall back to using a weak (64, 56, or 40 bit) cipher suite. If you specify true, when Integration Server initiates a connection to another server, it will attempt to negotiate a strong cipher suite, and if unsuccessful will disconnect rather than use a weak cipher suite.

Controls the use of JSSE for all of the outbound FTPS connections from Integration Server. Set this parameter to true to use JSSE for all of the outbound FTPS connections. Set this property to false to indicate that JSSE is not used for outbound FTPS connections. The default is false.

Controls the use of JSSE for all of the outbound HTTPS connections from Integration Server. Set this parameter to true to use JSSE for all of the outbound HTTPS connections. Set this property to false to indicate that JSSE is not used for outbound HTTPS connections. The default is true.

Specifies a list of cipher suites for inbound SSL connections. When the default value is set to default, Integration Server uses its default list of cipher suites. If you want to specify non-default cipher suites, enter a comma-separated list of cipher suite names. If the property watt.net.ssl.server.strongcipheronly is set to true, and if there are any non-strong cipher suites in the list, those will be ignored and a warning message will be logged.

You can set the value of this parameter to a comma-separated list, default, or the absolute path to a file. You cannot specify a combination of these. For information about specifying a file as the value for this parameter, see Specifying Cipher Suites for Use with SSL.

Identifies the random algorithm name used by Integration Server. The default value is FIPS186_2usingSHA1.

Specifies the number of milliseconds that Integration Server waits for a response during an SSL handshake before timing out. Integration Server uses this value for inbound and outbound requests. The default is 20000 milliseconds.

Specifies whether Integration Server logs the SSL session information for inbound connections. When this parameter is set to true, Integration Server logs the SSL session in a separate inboundSSLSessions.log file for Entrust and JSSE security providers. Integration Server creates the inboundSSLSessions.log file under Integration server_directory\instances\instance_name\logs directory. SSL session information is logged in JSON format. When this parameter is set to false, Integration Server does not log the SSL session information. The default value is false.

Specifies the maximum size of the inboundSSLSessions.log file in megabytes (MB). When the file reaches the maximum size, Integration Server renames the file to inboundSSLSessions_<DATE(YYYYMMDD)>_TIME(HHMMSS).log and creates a new inboundSSLSessions.log file. Specify an integer greater than 0 ( zero). If you specify a value less than or equal to zero, then Integration Server uses the default value. The default value is 10.

Specifies whether Integration Server tracks the SSL session log entries in cache. If this parameter is set to true, Integration Server does not log the SSL session information for entries that already exist in the cache. This eliminates duplicate entries in the log file. Default value is false.

Specifies, in seconds, how often Integration Server checks for and removes the expired SSL session log entries from cache. If a client reuses a session for which Integration Server has removed the log entry, then Integration Server logs the session information again for that session. Specify an integer greater than 0 ( zero). If you specify a value less than or equal to zero, then Integration Server uses the default value. The default is 300 seconds.

Integration Server uses a sweeper task called SSL Session Log Entries Sweeper to remove the expired sessions.

Specifies either an absolute or relative path to the file to which Integration Server writes the SSL session information. Relative path is relative to the Integration Server home directory:Integration Server_directory\instances\instance_name. You must specify a path with a valid directory name and filename. The default is: Integration server_directory\instances\instance_name\logs\inboundSSLSessions.log.

If you specify a path that points to a network location, when the location is inaccessible to log the session details, Integration Server logs the SSL session information to the console till the location becomes accessible. Additionally, if Integration Server faces a connection problem while logging the session details, then the log file may contain null or invalid characters.

Specifies whether the SSL session log entry is formatted with carriage returns and indentation to make the SSL session log easier to read. If this parameter is set to true, Integration Server formats JSON with carriage returns and indentation to ease readability. The default is false.

Specifies whether Integration Server includes a timestamp in the SSL session log entries. If this parameter is set to true, log entry begins with a timestamp. The default is false.

Example:

If this parameter is set to true, then the log entry starts with a timestamp:2019-07-03 10:37:24 IST {"provider":"JSSE","loggedInUser":"Administrator"…..}. If this parameter is set to false, then the log entry does not contain a timestamp:{"provider":"JSSE","loggedInUser":"Administrator"…..}

Specifies whether the Integration Server is to restrict inbound HTTPS connections to use strong cipher suites only (128 bit session keys or higher). If you specify false (the default), when a client connects to the Integration Server, the server will attempt to negotiate a strong cipher suite, and if unsuccessful will fall back to using a weak (64, 56, or 40 bit) cipher suite. If you specify true, when a client connects to the Integration Server, the server will attempt to negotiate a strong cipher suite, and if unsuccessful will disconnect rather than use a weak cipher suite.

Specifies the number of seconds the server waits for an HTTP request to be fulfilled before the request times out. To set Integration Server to wait indefinitely for a response from the target server, set this parameter to 0. The default is 300 (5 minutes).

Specifies whether Integration Server accepts or denies cookies when communicating with web server. Set to true to accept cookies; set to false (or null) to deny cookies. The default is true.

Specifies the value the server uses in the HTTP User Agent request header when it requests a web document from a web server. The default is Mozilla/4.0 [en] (WinNT; I).