Security Properties for C++

Property	Description	Default
vbroker.security.logLevel	Controls the degree of logging. Acceptable values are: LEVEL_WARN, LEVEL_NOTICE, LEVEL_INFO, and LEVEL_DEBUG strings.	LEVEL_WARN
vbroker.security.logFile	By default, log output is to std::cerr. You can use this property to redirect the log output to a named file.	null
vbroker.security.secureTransport	Determines whether secure transport is supported or not. If set to false, transport uses CLEAR_ONLY. This property also determines if the client side of the ORB is always connected to the server using SSL. If the server does not support SSL, this property is set to false, and the client will not connect.	true
vbroker.security.alwaysSecure	This is a client-side only property. It determines whether to use secure transport only or not. Note: To use secure transport only, the secureTransport property must also be set to true.	true
vbroker.security.server.transport	This is a server-side only property. It defines whether the server transport is: CLEAR_ONLY, SECURE_ONLY or ALL. This property will not take effect when the secureTransport property is set to false.	SECURE_ONLY
vbroker.security.disable	If this property is set to true, it disables all security services.	false
vbroker.security.requireAuthentication	A server-side only property. Use it to specify whether the client is required to authenticate.	true
vbroker.security.authentication.callbackHandler	Specifies the callback handler for login modules to use for interacting with the user for credentials. You can specify one of the following or your own custom callback handler: com.borland.security.provider.authn.CmdLineCallbackHandler com.borland.security.provider.authn.HostCallbackHandler CmdLineCallbackHandler has password echo on, while HostCallbackHandler has password echo off. For more information, see “VisiSecure for C++ APIs”.	HostCallback Handler
vbroker.security.authentication.config	Specifies the path to the configuration file used for authentication.	null
vbroker.security.authentication.retryCount	Number of times to retry if remote authentication failed.	3
vbroker.security.login	If set to true at initialization-time this property tries to login to all the realms listed by property vbroker.security.login.realms.	true
vbroker.security.login.realms	Gives a list of comma-separated realms to login to. This is used when login takes place, either through property vbroker.security.login (set to true) or API login.	n/a
vbroker.security.vault	Specifies the path to the vault file. This property takes effect regardless of whether vbroker.security.login is set to true or false.	n/a
vbroker.security.identity.reactiveLogin	When set to true, the security service behaves as follows. If the security service cannot find an identity for any of the targets supported by a server it is attempting to communicate with, it then attempts to acquire credentials for one of the targets in the target object's IOR. If a corresponding authentication realm is available for this target (that the user chooses to provide credentials for), then authentication is also attempted locally. Reactive login requires a callback handler to be set either using the appropriate property or at runtime by calling the appropriate method. The default handler is HostCallbackHandler.	true
vbroker.security.authDomains	Specifies a comma-separated list of available authorization domains. For example: vbroker.security.authDomains=domain1,domain2	n/a
vbroker.security.domain.<domain-name>.rolemap_path	Specifies the location of the RoleDB file that describes the roles used for authorization. This is scoped within the domain <domain_name> specified in: vbroker.security.authDomains.	n/a
vbroker.security.domain.<domain_name>.rolemap_enableRefresh	When set to true, enables dynamic loading of the RoleDB file specified in vbroker.security.domain.<domain_name>.rolemap_path property. The interval of dynamic loading is specified by property vbroker.security.domain.<domain_name>.rolemap_refreshTimeInSeconds.	false
vbroker.security.domain.<domain_name>.rolemap_refreshTimeInSeconds	Specifies the rolemap refresh time in seconds.	300
vbroker.security.domain.<domain_name>.defaultAccessRule	When clients attempt to access CORBA resources, access control decides whether to allow or disallow. Decisions are made based on what roles are required to access the resources and on whether the client exists in at least one of the roles. In some situations in the system does not know the roles required to access some resource. The value of this property [grant or deny] determines the decision to be made in this kind of situation.	grant
vbroker.security.cert.basicConstraintCritical	As per the X509 V3 standard, non end-user certificates in a certificate chain must have an extension that is called “basic constraint”. According to the standard, this extension when present must be marked as “critical”, enforcing the recipient to “must understand” and to process accordingly. This enforcement is too strict for an earlier implementation that is aware only of X509 V1.	false
vbroker.security.config.root	This is the absolute path of the directory, to which all relative file system references for various VisiSecure config files refer.	n/a
vbroker.security.identityAssertion	The server side of this ORB is enabled to propagate the IdentityTokem sent as part of CSIV2 service context to the next tier (if any). Value can be true or false.	n/a
vbroker.security.peerAuthenticationMode	Sets the peer authentication mode. Possible values are: REQUIRE—Peer certificates are required to establish a connection. If the peer does not present its certificates, the connection will be refused. Peer certificates will also be authenticated, if not valid, the connection will be refused. If required, transport identity can be established using these certificates. In this mode, peer certificates are not required to be trusted. REQUIRE_AND_TRUST—Same as REQUIRE mode, except that the peer certificates need to be trusted, otherwise the connection will be refused. REQUEST—Peer certificates will be requested. The peer is not required to have certificates; no transport identity will be established when peer does not have certificates. However, if a peer does present certificates, the certificates will be authenticated; if not valid, the connection will be refused. If required, transport identity can be established using these certificates. In this mode, peer certificates are not required to be trusted. REQUEST_AND_TRUST—Same as REQUEST mode except that the peer certificates need to be trusted, otherwise the connection will be refused. NONE—Authentication is not required. During handshake, no certificate request will be sent to the peer. Regardless of whether the peer has certificates, a connection will be accepted. There will be no transport identity for the peer.	REQUIRE_AND_ TRUST
vbroker.security.trustpointsRepository	Specifies a path to the directory containing trusted certificates. These are given in the form Directory:<certs_dir>. For example: vbroker.security.trustpointsRepository=Directory:c:\data\identities\Delta	n/a
vbroker.security.assertions.trust.<n>	Use to specify a list of trusted roles (specify with the format <role>@<authorization_domain>). <n> is uniquely identified for each trust assertion rule as a list of digits. For example, setting vbroker.security.assertions.trust.1=ServerAdmin@default means this process trusts any assertion made by the ServerAdmin role in the default authorization domain.	n/a
vbroker.security.assertions.trust.all	Setting to true will trust all assertions made by peers.	false
vbroker.security.server.requireUPIdentity	A server side only property. If the server requires the client to send a Username/Password for authentication (regardless of certificate-based authentication), set to true. If vbroker.security.login.realms is set, this property is automatically set to true. However, you can override it by explicitly setting it in the property file.	n/a
vbroker.security.cipherList	Set this to a list of comma-separated ciphers to be enabled by default on startup. If not set, a default list of cipher suites will be enabled. These should be valid SSL Ciphers.	n/a
vbroker.security.wallet.type	A wallet is a set of directories containing encrypted private keys and certificate chains for each identity. Use this property to point to the directory containing the directories for all identities, using the format: Directory:<path_to_identities>	n/a
vbroker.security.wallet.identity	Points to a directory within the path defined in vbroker.security.wallet.type that contains keys and/or certificate information for a specific identity.	n/a
vbroker.security.wallet.password	Specifies the password used to decrypt the private key or the password associated with the login.	n/a
vbroker.security.client.supportNoDelegation	If set to true, the client will add support for NoDelegate in TAG_SSL_SEC_TRANS tag.	false
vbroker.security.addOID	Allows for setting of additional OID.	null
vbroker.security.server.socket.enabledProtocols	Specifies the SSL handshaking protocol version, that is SSLv3, TLSv1 or SSLv2 during the SSL handshaking process when using the VBC security module. Possible values are listed below: TLS_Version_1_0_Only Use this option for the highest security when you are certain that the SSL peer also supports TLS 1.0. This option behaves in the same manner as SSL_Version_3_0_Only, but applies to the TLS 1.0 protocol. SSL_Version_3_0_Only The library sends initial “Hello” messages using SSL 3.0 and all communication uses SSL 3.0. If the peer does not support SSL 3.0, the handshake fails without a meaningful indication of why it failed. This setting can cause problems with some SSL 2.0 servers because they do not understand the SSL 3.0 “Hello”. SSL_Version_Undetermined This is the default. It allows any of the SSLv3, TLSv1 or SSLv2 protocols; if the OpenSSL security provider is selected, it also allows use of TLS1.1 and TLS1.2.	SSL_Version_ Undetermined
vbroker.security.client.socket.enabledProtocols	This property specifies the SSL handshaking protocol version, i.e. SSLv3, TLSv1 and SSLv2 during the SSL handshaking process when using the VBC security module. Possible values are listed below: TLS_Version_1_0_Only Use this option for the highest security when you are certain that the SSL peer also supports TLS 1.0. This option behaves in the same manner as SSL_Version_3_0_Only, but applies to the TLS 1.0 protocol. SSL_Version_3_0_Only The library sends initial “Hello” messages using SSL 3.0 and all communication uses SSL 3.0. If the peer does not support SSL 3.0, the handshake fails without a meaningful indication of why it failed. This setting can cause problems with some SSL 2.0 servers because they do not understand the SSL 3.0 “Hello”. TLS_Version_1_0_With_2_0_Hello In this mode, the library negotiates using only TLS 1.0, but begins by sending an SSL 2.0 “Hello”. This mode behaves in the same way as SSL_Version_3_0_With_2_0_Hello, but applies to TSL 1.0. If the OpenSSL security provider is selected, it also allows use of TLS1.1 and TLS1.2. SSL_Version_3_0_With_2_0_Hello In this mode, the library negotiates using only SSL 3.0, but begins by sending an SSL 2.0 “Hello”. Beyond the initial “Hello” message, SSL 2.0 communication is not permitted in this mode. Use this mode if you wish to have the security of SSL 3.0, but also wish to allow clients which send SSL 2.0 “Hello” messages to connect, or if you want meaningful error messages when connecting to an SSL 2.0-only peer. If the OpenSSL security provider is selected, it also allows use of TLS1.1 and TLS1.2. SSL_Version_Undetermined This is the default. It allows any of the SSLv3, TLSv1 or SSLv2 protocols; if the OpenSSL security provider is selected, it also allows use of TLS1.1 and TLS1.2.	SSL_Version_ Undetermined
vbroker.security.CRLRepository	This property is deprecated. To specify a CRL, use the “void addTrustedCertificate (const CORBAsec::X509Cert& trusted,const CORBAsec::ASN1Object* crl = NULL)” API instead. Specifies the directory where you want the list of serial numbers of revoked certificates (Certificate Revocation List (CRL)), issued by the Certificate Authority (CA), to reside. All files in the directory will be loaded and interpreted as CRL—no longer valid. The CRL file must be in the DER format. Once the CRLs are loaded, VisiSecure examines all certificates sent by a peer during SSL handshake. If any of the peer certificates appears in the CRLs, an exception will be thrown and the connection will be refused. For more information, see “Certificate Revocation List (CRL) and revoked certificate serial numbers”.	n/a
vbroker.security.server.ssl.handshakeTimeout	Specifies the maximum time (in milliseconds) for the SSL handshake to complete at the Server side. It can help to prevent the Server from hanging due to unresponsive Clients during the SSL handshake. The default timeout is 5000ms. To disable the timeout, set it to 0.	5000

vbroker.security.logLevel

Controls the degree of logging. Acceptable values are: LEVEL_WARN, LEVEL_NOTICE, LEVEL_INFO, and LEVEL_DEBUG strings.

LEVEL_WARN

vbroker.security.logFile

By default, log output is to std::cerr. You can use this property to redirect the log output to a named file.

null

vbroker.security.secureTransport

Determines whether secure transport is supported or not. If set to false, transport uses CLEAR_ONLY.

This property also determines if the client side of the ORB is always connected to the server using SSL. If the server does not support SSL, this property is set to false, and the client will not connect.

true

vbroker.security.alwaysSecure

This is a client-side only property. It determines whether to use secure transport only or not.

Note: To use secure transport only, the secureTransport property must also be set to true.

true

vbroker.security.server.transport

This is a server-side only property. It defines whether the server transport is: CLEAR_ONLY, SECURE_ONLY or ALL. This property will not take effect when the secureTransport property is set to false.

SECURE_ONLY

vbroker.security.disable

If this property is set to true, it disables all security services.

false

vbroker.security.requireAuthentication

A server-side only property. Use it to specify whether the client is required to authenticate.

true

vbroker.security.authentication.callbackHandler

Specifies the callback handler for login modules to use for interacting with the user for credentials. You can specify one of the following or your own custom callback handler:

com.borland.security.provider.authn.CmdLineCallbackHandler
com.borland.security.provider.authn.HostCallbackHandler

CmdLineCallbackHandler has password echo on, while HostCallbackHandler has password echo off. For more information, see “VisiSecure for C++ APIs”.

HostCallback
Handler

vbroker.security.authentication.config

Specifies the path to the configuration file used for authentication.

null

vbroker.security.authentication.retryCount

Number of times to retry if remote authentication failed.

3

vbroker.security.login

If set to true at initialization-time this property tries to login to all the realms listed by property vbroker.security.login.realms.

true

vbroker.security.login.realms

Gives a list of comma-separated realms to login to. This is used when login takes place, either through property vbroker.security.login (set to true) or API login.

n/a

vbroker.security.vault

Specifies the path to the vault file. This property takes effect regardless of whether vbroker.security.login is set to true or false.

n/a

vbroker.security.identity.reactiveLogin

When set to true, the security service behaves as follows. If the security service cannot find an identity for any of the targets supported by a server it is attempting to communicate with, it then attempts to acquire credentials for one of the targets in the target object's IOR. If a corresponding authentication realm is available for this target (that the user chooses to provide credentials for), then authentication is also attempted locally.

Reactive login requires a callback handler to be set either using the appropriate property or at runtime by calling the appropriate method. The default handler is HostCallbackHandler.

true

vbroker.security.authDomains

Specifies a comma-separated list of available authorization domains. For example:

vbroker.security.authDomains=domain1,domain2

n/a

vbroker.security.domain.<domain-name>.rolemap_path

Specifies the location of the RoleDB file that describes the roles used for authorization. This is scoped within the domain <domain_name> specified in: vbroker.security.authDomains.

n/a

vbroker.security.domain.<domain_name>.rolemap_enableRefresh

When set to true, enables dynamic loading of the RoleDB file specified in vbroker.security.domain.<domain_name>.rolemap_path property. The interval of dynamic loading is specified by property vbroker.security.domain.<domain_name>.rolemap_refreshTimeInSeconds.

false

vbroker.security.domain.<domain_name>.rolemap_refreshTimeInSeconds

Specifies the rolemap refresh time in seconds.

300

vbroker.security.domain.<domain_name>.defaultAccessRule

When clients attempt to access CORBA resources, access control decides whether to allow or disallow. Decisions are made based on what roles are required to access the resources and on whether the client exists in at least one of the roles.

In some situations in the system does not know the roles required to access some resource. The value of this property [grant or deny] determines the decision to be made in this kind of situation.

grant

vbroker.security.cert.basicConstraintCritical

As per the X509 V3 standard, non end-user certificates in a certificate chain must have an extension that is called “basic constraint”. According to the standard, this extension when present must be marked as “critical”, enforcing the recipient to “must understand” and to process accordingly.

This enforcement is too strict for an earlier implementation that is aware only of X509 V1.

false

vbroker.security.config.root

This is the absolute path of the directory, to which all relative file system references for various VisiSecure config files refer.

n/a

vbroker.security.identityAssertion

The server side of this ORB is enabled to propagate the IdentityTokem sent as part of CSIV2 service context to the next tier (if any).

Value can be true or false.

n/a

vbroker.security.peerAuthenticationMode

Sets the peer authentication mode. Possible values are:

REQUIRE—Peer certificates are required to establish a connection. If the peer does not present its certificates, the connection will be refused. Peer certificates will also be authenticated, if not valid, the connection will be refused. If required, transport identity can be established using these certificates. In this mode, peer certificates are not required to be trusted.

REQUIRE_AND_TRUST—Same as REQUIRE mode, except that the peer certificates need to be trusted, otherwise the connection will be refused.

REQUEST—Peer certificates will be requested. The peer is not required to have certificates; no transport identity will be established when peer does not have certificates. However, if a peer does present certificates, the certificates will be authenticated; if not valid, the connection will be refused. If required, transport identity can be established using these certificates. In this mode, peer certificates are not required to be trusted.

REQUEST_AND_TRUST—Same as REQUEST mode except that the peer certificates need to be trusted, otherwise the connection will be refused.

NONE—Authentication is not required. During handshake, no certificate request will be sent to the peer. Regardless of whether the peer has certificates, a connection will be accepted. There will be no transport identity for the peer.

REQUIRE_AND_
TRUST

vbroker.security.trustpointsRepository

Specifies a path to the directory containing trusted certificates. These are given in the form Directory:<certs_dir>. For example:

vbroker.security.trustpointsRepository=Directory:c:\data\identities\Delta

n/a

vbroker.security.assertions.trust.<n>

Use to specify a list of trusted roles (specify with the format <role>@<authorization_domain>). <n> is uniquely identified for each trust assertion rule as a list of digits.

For example, setting vbroker.security.assertions.trust.1=ServerAdmin@default means this process trusts any assertion made by the ServerAdmin role in the default authorization domain.

n/a

vbroker.security.assertions.trust.all

Setting to true will trust all assertions made by peers.

false

vbroker.security.server.requireUPIdentity

A server side only property. If the server requires the client to send a Username/Password for authentication (regardless of certificate-based authentication), set to true. If vbroker.security.login.realms is set, this property is automatically set to true. However, you can override it by explicitly setting it in the property file.

n/a

vbroker.security.cipherList

Set this to a list of comma-separated ciphers to be enabled by default on startup. If not set, a default list of cipher suites will be enabled. These should be valid SSL Ciphers.

n/a

vbroker.security.wallet.type

A wallet is a set of directories containing encrypted private keys and certificate chains for each identity. Use this property to point to the directory containing the directories for all identities, using the format: Directory:<path_to_identities>

n/a

vbroker.security.wallet.identity

Points to a directory within the path defined in vbroker.security.wallet.type that contains keys and/or certificate information for a specific identity.

n/a

vbroker.security.wallet.password

Specifies the password used to decrypt the private key or the password associated with the login.

n/a

vbroker.security.client.supportNoDelegation

If set to true, the client will add support for NoDelegate in TAG_SSL_SEC_TRANS tag.

false

vbroker.security.addOID

Allows for setting of additional OID.

null

vbroker.security.server.socket.enabledProtocols

Specifies the SSL handshaking protocol version, that is SSLv3, TLSv1 or SSLv2 during the SSL handshaking process when using the VBC security module. Possible values are listed below:

TLS_Version_1_0_Only

Use this option for the highest security when you are certain that the SSL peer also supports TLS 1.0. This option behaves in the same manner as SSL_Version_3_0_Only, but applies to the TLS 1.0 protocol.

SSL_Version_3_0_Only

The library sends initial “Hello” messages using SSL 3.0 and all communication uses SSL 3.0. If the peer does not support SSL 3.0, the handshake fails without a meaningful indication of why it failed. This setting can cause problems with some SSL 2.0 servers because they do not understand the SSL 3.0 “Hello”.

SSL_Version_Undetermined

This is the default. It allows any of the SSLv3, TLSv1 or SSLv2 protocols; if the OpenSSL security provider is selected, it also allows use of TLS1.1 and TLS1.2.

SSL_Version_
Undetermined

vbroker.security.client.socket.enabledProtocols 

This property specifies the SSL handshaking protocol version, i.e. SSLv3, TLSv1 and SSLv2 during the SSL handshaking process when using the VBC security module. Possible values are listed below:

TLS_Version_1_0_Only

SSL_Version_3_0_Only

TLS_Version_1_0_With_2_0_Hello

In this mode, the library negotiates using only TLS 1.0, but begins by sending an SSL 2.0 “Hello”. This mode behaves in the same way as SSL_Version_3_0_With_2_0_Hello, but applies to TSL 1.0. If the OpenSSL security provider is selected, it also allows use of TLS1.1 and TLS1.2.

SSL_Version_3_0_With_2_0_Hello

In this mode, the library negotiates using only SSL 3.0, but begins by sending an SSL 2.0 “Hello”. Beyond the initial “Hello” message, SSL 2.0 communication is not permitted in this mode. Use this mode if you wish to have the security of SSL 3.0, but also wish to allow clients which send SSL 2.0 “Hello” messages to connect, or if you want meaningful error messages when connecting to an SSL 2.0-only peer. If the OpenSSL security provider is selected, it also allows use of TLS1.1 and TLS1.2.

SSL_Version_Undetermined

This is the default. It allows any of the SSLv3, TLSv1 or SSLv2 protocols; if the OpenSSL security provider is selected, it also allows use of TLS1.1 and TLS1.2.

SSL_Version_
Undetermined

vbroker.security.CRLRepository

This property is deprecated. To specify a CRL, use the “void addTrustedCertificate (const CORBAsec::X509Cert& trusted,const CORBAsec::ASN1Object* crl = NULL)” API instead.

Specifies the directory where you want the list of serial numbers of revoked certificates (Certificate Revocation List (CRL)), issued by the Certificate Authority (CA), to reside. All files in the directory will be loaded and interpreted as CRL—no longer valid. The CRL file must be in the DER format.

Once the CRLs are loaded, VisiSecure examines all certificates sent by a peer during SSL handshake. If any of the peer certificates appears in the CRLs, an exception will be thrown and the connection will be refused. For more information, see “Certificate Revocation List (CRL) and revoked certificate serial numbers”.

n/a

vbroker.security.server.ssl.handshakeTimeout

Specifies the maximum time (in milliseconds) for the SSL handshake to complete at the Server side. It can help to prevent the Server from hanging due to unresponsive Clients during the SSL handshake. The default timeout is 5000ms. To disable the timeout, set it to 0.

5000

Property	Default	Description
vbroker.se.<se_name>.scm.ssl.manager.type	Socket	Type of the Server Connection Manager. The only possible value, in VisiBroker for C++, is Socket.
vbroker.se.<se_name>.scm.ssl.manager.connectionMax	0	The maximum number of cached connections on the server. The default 0 means that there is no restriction.
vbroker.se.<se_name>.scm.ssl.manager.connectionMaxIdle	0	Specifies the time, in seconds, which the server uses to determine if an inactive connection should be closed. If a cached connection has been idle longer than this time, then the server closes the connection.
vbroker.se.<se_name>.scm.ssl.listener.type	SSL	The type of protocol that the listener is using.
vbroker.se.<se_name>.scm.ssl.listener.port	0	Specifies the port number to be used with the host name property. 0 means that the system will pick a random port number.
vbroker.se.<se_name>.scm.ssl.listener.proxyPort	0	Specifies the proxy port number to be used with the proxy host name property. 0 means that the system will pick a random port number.
vbroker.se.<se_name>.scm.ssl.dispatcher.type	ThreadPool	The type of thread dispatcher used in the Server Connection Manager. Possible values are ThreadPool and ThreadSession.
vbroker.se.<se_name>.scm.ssl.dispatcher.threadMin	0	Specifies the minimum number of threads that the Server Connection Manager must create.
vbroker.se.<se_name>.scm.ssl.dispatcher.threadMax	0	Specifies the maximum number of threads that the Server Connection Manager can create.
vbroker.se.<se_name>.scm.ssl.dispatcher.threadMaxIdle	0	Specifies the time, in seconds, before an idle thread is removed from the thread pool.
vbroker.se.<se_name>.scm.ssl.connection.tcpNoDelay	false	Specifies whether tcp_nodelay should be set on the socket.
vbroker.se.<se_name>.scm.<scm_name>.listener.selectorMax	20	Specifies the maximum number of NIO Selectors that can be created in the NIO Selector Pool. Increasing this value may improve the throughput if there is a very high number of concurrent invocations. This property is only applicable if NIO SSL Socket is configured at the server side.

Property

Default

Description

vbroker.se.<se_name>.scm.ssl.manager.type

Socket

Type of the Server Connection Manager. The only possible value, in VisiBroker for C++, is Socket.

vbroker.se.<se_name>.scm.ssl.manager.connectionMax

0

The maximum number of cached connections on the server. The default 0 means that there is no restriction.

vbroker.se.<se_name>.scm.ssl.manager.connectionMaxIdle

0

Specifies the time, in seconds, which the server uses to determine if an inactive connection should be closed. If a cached connection has been idle longer than this time, then the server closes the connection.

vbroker.se.<se_name>.scm.ssl.listener.type

SSL

The type of protocol that the listener is using.

vbroker.se.<se_name>.scm.ssl.listener.port

0

Specifies the port number to be used with the host name property. 0 means that the system will pick a random port number.

vbroker.se.<se_name>.scm.ssl.listener.proxyPort

0

Specifies the proxy port number to be used with the proxy host name property. 0 means that the system will pick a random port number.

vbroker.se.<se_name>.scm.ssl.dispatcher.type

ThreadPool

The type of thread dispatcher used in the Server Connection Manager. Possible values are ThreadPool and ThreadSession.

vbroker.se.<se_name>.scm.ssl.dispatcher.threadMin

0

Specifies the minimum number of threads that the Server Connection Manager must create.

vbroker.se.<se_name>.scm.ssl.dispatcher.threadMax

0

Specifies the maximum number of threads that the Server Connection Manager can create.

vbroker.se.<se_name>.scm.ssl.dispatcher.threadMaxIdle

0

Specifies the time, in seconds, before an idle thread is removed from the thread pool.

vbroker.se.<se_name>.scm.ssl.connection.tcpNoDelay

false

Specifies whether tcp_nodelay should be set on the socket.

vbroker.se.<se_name>.scm.<scm_name>.listener.selectorMax

20

Specifies the maximum number of NIO Selectors that can be created in the NIO Selector Pool. Increasing this value may improve the throughput if there is a very high number of concurrent invocations. This property is only applicable if NIO SSL Socket is configured at the server side.