TSYSRetail Configuration

This field is sent in the request based on the EntryDataSource value specified by default. However that value can be overridden by setting this config.

Valid values are:

This field is used in assigning a value that assists in authenticating the physical presence of a Visa, MasterCard, Discover, PayPal or American Express credit cards.

Valid values are:

By default the TSYSRetail component automatically computes the CardholderId based on several factors. Changing this config setting will override this automatic calculation. Clear this setting to "" (empty string) to restore automatic calculation.

When sending a manually-keyed transaction in a Retail, Restaurant, or Grocery environment it is possible to send AVS data (Customer's address and zip code) along with the card number. If sending the customer's address and zip code in a card-present retail transaction, you should also set the CardholderId configuration setting to "M".

This configuration setting contains a 1-character value used to identify the device and type of the merchant submitting the settlement batch. The table below provides a summary of currently defined values. The default value for this setting is "Q".

This configuration setting is required when sending an Incremental transaction, when the ACI is set to "I". It should be set with the TransactionId from the original (first) authorization. You must keep track of the total authorized amount, which is the sum of the original authorization and all subsequent incremental authorizations, and set the TotalAuthorizedAmount configuration setting in the TSYSDetailRecord component before settlement. Only one detail record should be submitted, no matter how many incremental transactions are authorized.

This configuration setting may contain an optional cash over (cash back) amount when authorizing a Discover card purchase transaction. The value of TransactionAmount must reflect the cost of the goods or service purchased plus this CashOverAmount.

This amount is to be presented with an implied decimal point. For example, US $10.00 must be represented as 1000, and $0.10 is likewise simply 10. The allowable number of significant digits as well as the positioning of any implied decimal point is dictated by the designated CurrencyCode configuration setting. In the United States (default), the number of allowable significant digits is seven. Thus the maximum TransactionAmount is "9999999", yielding a US dollar amount of $99,999.99. This field may not contain a negative number.

Note: CashOverAmount is only available for Discover cards in the Retail and Grocery Store IndustryType.

Note: CardPresent must be set to 'True' when requesting a CashOverAmount.

Note: AllowPartialAuths must be set to 'True' to use CashOverAmount.

Note: CashOverAmount's can be partially approved as well and thus you should use the ResponseCashOverAmount to verify the approved amount.

This configuration setting contains the cash over (cash back) amount of an authorized Discover card purchase transaction and will only be populated if a cash over amount was received in the authorization response.

Note: Cash Over amounts can be partially approved and thus ResponseCashOverAmount may not be the same as the original CashOverAmount value requested.

This configuration setting, when set to 'True', will send the authorization request as a Quasi-Cash transaction which is used for the purchase of semi-cash items such as casino chips, travelers checks, stamps, etc.

This configuration setting is for informational purposes only and any surcharge amounts charged to the customer should be included in the TransactionAmount.

The format of this field is 'annnnnnnn' where 'a' is either 'D' for debit or 'C' for credit. 'nnnnnnnn' is the numeric fee amount with the decimal implied. For example: 'D00000150' is a $1.50 transaction fee amount debited to the cardholder's account.

Note: If an amount is only specified, the component will generate the format above by prepending a 'D' and the necessary number of 0's.

This config is used to provide information about magnetic stripe read transactions using chip capable cards at chip capable POS devices.

Available values are:

This configuration setting takes the entire TLV (tag-length-value) response received from a Pin Pad after reading an EMV card. When setting this field, any EMV tags that are not specified within the TSYS specifications, to include in the request, will be removed from the input. The component will send this data in an authorization request. Note that when performing an EMV transaction, POSDataCode is required.

This configuration setting contains the EMV Data in TLV (tag-length-value) format. This field will only be populated if an EMV transaction was performed and EMV Data was received in the authorization response.

This configuration setting takes a semi-colon separated list of name-value pairs. The available field names and their applicable values can be found below. The fields can be set in any order and not all fields are required to be set (unless you wish to change their default values).

Code Example:

TSYSRetail.Config("POSDataCode=CardholderAuthCap=1;CardInputMode=2;CardInputCap=2");

CardInputCap (Terminal data - card data input capability)

CardholderAuthCap (Terminal data - cardholder authentication capability)

CardCaptureCap (Terminal data - card capture capability)

TerminalOpEnv (Terminal operating environment)

CardholderPresent (Cardholder present data)

CardPresent (Card present data)

CardInputMode (Card data - input mode)

CardholderAuthMethod (Cardholder authentication method)

CardholderAuthEntity (Cardholder authentication entity)

CardOutputCap (Card data output capability)

TerminalOutputCap (Terminal data output capability)

PINCaptureCap (PIN capture capability)

This field is used along with EMVOnlineKSN to perform EMV online PIN transactions. The value of this property must be retrieved from a certified PIN pad device. This property is only valid for Card Present transactions. The maximum length is 16 characters.

This field is used along with EMVOnlinePIN to perform EMV online PIN transactions. The value of this property must be retrieved from a certified PIN pad device. This property is only valid for Card Present transactions. The maximum length is 16 characters.

This field is used to identify the department name within the location where the transaction took place. The maximum length is 40 characters.

This field is used to identify the merchant name that appears on the storefront and/or customer receipts and statements. The maximum length is 38 characters.

This field is used to identify the merchant's street address where the transaction took place. The maximum length is 38 characters.

This field is used to identify the name of the city where the transaction took place. The maximum length is 21 characters.

This field is used to identify the region code that corresponds to the state, province, or other country subdivision of the merchant location where the transaction took place. The maximum length is 3 characters.

This field is used to identify the country code of the location where the transaction took place. For example, the country code for USA is "840." The maximum length is 3 characters.

This field is used to identify the postal / zip code of the location where the transaction took place. The maximum length is 15 characters.

This field is required for all MasterCard PayPass (contactless) transactions. Valid values are:

The Terminal/Lane ID may be printed on all POS transactions where the terminal is capable of generating customer receipts. This is an eight digit numeric field and it can be sent for any card brand.

This field is used to indicate the remote domain server indicator for cardholder PayPass device types. Valid values are:

This field defines the type of authorization request and must be included on all MasterCard authorization request transactions.

Valid values are:

If an authorization returns ambiguously or times out without receiving a response, you may send the same transaction over again with this Retry flag set to True. This will prevent you from double-charging your customers in the case of a communications error (only available for credit card transactions. Does not apply to Debit, Gift Card, or EBT transactions).

When set to 'True', AVS data will be sent in the extended AVS field for the transaction. ResponseCardholderVerification will contain the extended AVS verification results. When set to 'False' (default value), the CustomerAddress and CustomerZip values will be sent using the simple AVS data fields.

The value of this field is used to correctly match responses with transactions by comparing its value to that of the StoreNumber. This is particularly useful when making a multi-merchant or multi-store routing system. If the system that originally made the transaction receives a response where the ResponseStoreNumber is not identical to the StoreNumber the transaction should not be stored for batch settlement. This field is read-only.

The value of this field is used to correctly match responses with transactions by comparing its value to that of TerminalNumber. This is particularly useful when making a multi-terminal routing system within a merchant location. If the terminal that originally made the transaction receives a response where the ResponseTerminalNumber is not identical to the TerminalNumber, the transaction should not be stored for batch settlement. This field is read-only.

This response data is returned when SendExtendedAVS is set to 'True' and is only available for American Express and Discover cards. This data is arranged in order of 5 bytes, one for each result of a cardholder identification data element:

The possible values for each byte are:

For Discover transactions, byte 3 will be populated with the following values:

This is port that this component connects to on the server. The default value for TSYS is 5003 for the live server, and 5004 for the test server. The default live server values for Heartland is 22341 for Authorization and 22342 for Settlement. The Heartland test server values are 12341 for Authorization and 12342 for Settlement.

This is name of the server to which all transactions are posted. Do not use an IP address, use the actual name, as a server's IP address may change. The default (Live) TSYS server is "ssl2.vitalps.net", but you may use "ssltest.tnsi.com" for testing. The default (Live) Heartland server is "txns.secureexchange.net", but you may use "test.txns.secureexchange.net" for testing. Note that there are several BankIds and Numbers that will always run in test mode regardless of whether you are using the live server. See the included demos for examples.

This field is used to specify the AuthenticationCode, assigned by TSYS, to authenticate a POS device (made via a call to ActivateTerminal).

This is an action config which when called will authenticate a POS device with TSYS. Authentication is required when processing transactions using Voltage Encryption or Tokenization. An AuthenticationCode is required to be specified, as is Zip and/or ServicePhone, to perform authentication. After a POS device is successfully authenticated, GenKey will be populated.

This is an action config which when called will deactivate the POS device specified via GenKey with TSYS.

This field is used to specify retrieve or specify a GenKey value for a terminal. This field will be populated after a successful call to ActivateTerminal is made. The Genkey must be stored in the POS device, must be sent with every request to the TSYS Acquiring Solutions host after authentication (by setting this field), and will be checked against the terminal hierarchy. A GenKey value is required when processing transactions using Voltage Encryption or Tokenization.

This field is used to specify the Base-64 encoded ETB (Encryption Transmission Block) used by TSYS to decrypt Voltage encrypted data. The value is retrieved from the POS device containing the Voltage encryption software. When specified, the transaction will be sent as a Voltage encrypted transaction. The encrypted card data will be specified as normal via the MagneticStripe or Number fields.

By default the component automatically selects the correct ACI for the type of transaction being attempted. This configuration setting is for advanced users, and it is not recommended it be changed. That being said, this 1-character field contains the Requested ACI used to identify an authorization request as potentially qualifying for CPS (Custom Payment Services) and MasterCard Merit programs. If a merchant chooses not to participate in CPS, the ACI may be set to "N". The following table provides a summary of the codes currently supported by both Visa and MasterCard. Please note that not all of these ACI values are supported in Direct Marketing and Retail transactions.

When this setting is True, if the credit card being authorized does not contain sufficient funds to cover the TransactionAmount, the card will not be declined. Instead, the transaction will be authorized for a lesser amount. The customer must then use another form of payment to make up the remainder. The total amount authorized by TSYS will be returned in the ResponseAuthorizedAmount configuration setting. For instance, if the TransactionAmount is $100.00, but the card only has a $50.00 balance, the card is charged for $50.00, and the ResponseAuthorizedAmount will be "50.00". The merchant may then collect the remaining $50 in cash, check, credit card, or any other acceptable form of payment. This setting is False by default.

This configuration setting takes a vertical bar (|) separated list of name-value pairs. The available field names and their applicable values can be found below. The fields can be set in any order and not all fields are required to be set (unless you wish to change their default values).

Code Example:

TSYSECommerce.Config("AmexCNPInternetPhoneData=CustomerEmail=CFFROST@EMAILADDRESS.COM|CustomerHostName=PHX.QW.AOL.COM|BrowserType=MOZILLA/4.0~(COMPATIBLE;~MSIE~5.0;~WINDOWS~95)|ShipToCountry=840|ShippingMethod=02|ProductSKU=TKDC315U|CustomerIP=127.142.005.056|CustomerANI=6025551212|CustomerIIDigits=00");

This configuration setting takes a vertical bar (|) separated list of name-value pairs. The available field names and their applicable values can be found below. The fields can be set in any order and not all fields are required to be set (unless you wish to change their default values).

Code Example:

TSYSRetail.Config("AmexCPGoodsSoldData=ProductCode=1000");

This field contains a three digit number assigned by the signing member or processor to identify the merchant's location country. These codes are specified by ISO-3166-1. The default is "840", indicating the United States.

This field contains a three digit number assigned by the signing member or processor to identify the merchant's authorization currency. The default is "840", indicating US Dollars. Other values may be used when processing multi-currency.

This field, when set to 'True', indicates that the transaction is a Bill Payment transaction and will be processed as such. When set to 'False' (default value) the transaction will be processed normally.

This field contains a two digit language indicator. This value designates the language to be used in formatting the authorization response text message.

If set to True (default), the CommercialCardType field will indicate whether the credit card submitted for authorization is a Business, Corporate, or Purchasing Card (this is the default function). If False, the contents of the CommercialCardType property must be ignored.

This is an action config which when called will send a token only request to the TSYS Host. Provided the request was successful, a token will be returned for the specified Card. The token can be retrieved via Token and the status of the token will be returned via ResponseTokenStatus. For this request, no card verification or authorization will be performed.

When set to 'True' prior to an Authorize request, a token will be requested for the specified Card data. Provided the authorization and token generation was successful, a token will be returned in the response and can be retrieved via Token. Additionally the status of the token will be returned via ResponseTokenStatus. The returned token can then be used to process future transactions without the use of Card data with the exception of the expiration details. The default value is 'False'.

NOTE: When using this request, verification and authorization of the card will be performed.

This field will be populated after a token is requested via RetrieveToken or RequestToken. The applicable values are:

This field will contain the token received from TSYS from either a RetrieveToken or RequestToken request. This field is also used to specify a token value, used in place of Card data, to be sent in an Authorize request. The token is formatted as a card number, with the last 4 digits preserved. Other characters in the number will be letters rather than numbers. Tokens are used as an added security measure to protect a customer's Card and may also help decrease PCI Compliance verification as storing credit card data is no longer needed.

This 11-digit value, assigned by MasterCard, is assigned during registration via MasterCard Connect for the Service Provider designated as a 'Payment Facilitator'. This value must be present on all MasterCard transactions that originate from a Payment Facilitator.

This 25-character field is a concatenation of two fields separated by an asterisk (*). The Payment Facilitator Name is three characters in length and is followed by the asterisk. The remainder of the field consists of the Sub-Merchant name. This field is required on all MasterCard transactions that originate from a Payment Facilitator.

This 15-digit field is assigned by the Payment Facilitator or the Acquirer. This field is required on all MasterCard transactions that originate from a Payment Facilitator.

This 13-character field indicates the city of the Sub-Merchant location (not the acquirer's location). This field is required on all MasterCard transactions that originate from a Payment Facilitator.

This 2-character field indicates the state or province code of the Sub-Merchant location (not the acquirer's location). This field is required on all MasterCard transactions that originate from a Payment Facilitator. If the Sub-Merchant is non-U.S. and non-Canadian, this field should be '00'.

This 3-digit field indicates the country of the Sub-Merchant location (not the acquirer's location) using ISO-specified numeric codes. This field is required on all MasterCard transactions that originate from a Payment Facilitator.

This 9-character field indicates the geographic/postal code of the Sub-Merchant location (not the acquirer's location). This field is required on all MasterCard transactions that originate from a Payment Facilitator.

This field allows you to specify the processor that you are connecting to (thus allowing the component to correctly generate the request and parse the response). The available values are:

Note that when set, this property will set the Server and Port to the default values for the specified processor. Additionally, this config must be set prior to setting Card to ensure the card data is formatted correctly.

This field allows you to specify the Heartland E3 encryption mode used when processing Heartland transactions. The available values are (descriptions describe the data that will be encrypted):

Note you will also need to set Processor to 1 (Heartland) and HeartlandKeyBlock if you wish to process Heartland E3 transactions.

The specified value must be 4 characters or less. Note that this value is required to comply with MasterCard's Authorization Data Accuracy Initiative.

This field allows you to specify the key block that was used to encrypt the data specified by HeartlandEncryptionMode. This value will be obtained from an E3 magnetic stripe reader and is used by Heartland to decrypt the encrypted data.

Interleaved Mode is intended for high volume transaction environments. When using this communication mode, transaction data is transmitted and received simultaneously without blocking. The advantage of an Interleaved Session is that the connection can stay up and is stateless once connected. Up to 10 simultaneous requests can be sent at a time. By default the value for this configuration setting is False. For instance:

        //Interleaved Transaction Mode 
        TSYSECommerce1.Config("InterleavedMode=True");

        //Maximum number of pending response packets.
        TSYSECommerce1.Config("MaxPendingResponseCount=10");

        TSYSECommerce1.OnResponse += (sender, args) =>
        {
            Console.WriteLine("Response received for {0}, {1}, {2}, {3}", args.TransactionId, args.ResponseCode, args.ResponseText, args.ResponseApprovalCode);
        };

        TSYSECommerce1.Authorize();

        //Explicitly Disconnect
        TSYSECommerce1.Config("DisconnectInterleaved");

When InterleavedMode is set to True the component will return immediately when Authorize is called. This setting specifies the timeout (in seconds) for which the component will wait for a response. If no response is received within InterleavedTimeout seconds the Error event will fire and the connection will be closed.

The default value is 60 (seconds).

This is the maximum number of outstanding transactions that have not yet received a response. This should not exceed the maximum number of 10 interleaved transactions that can be sent at the same time. If an authorization is attempted that would exceed the maximum number of pending response an error occurs.

The default value is 10.

This configuration setting is read only and can be used to explicitly close the interleaved connection. This is usually used when all response packets are received.

This configuration setting is read only and can be used to process any available events. If no events are available, it waits for a preset period of time, and then returns.

When set, this configuration setting allows you to specify a different timeout value for establishing a connection. Otherwise, the component will use Timeout for establishing a connection and transmitting/receiving data.

This is the same as AutoDetect. This setting is provided for use by components that do not directly expose Firewall properties.

If a FirewallHost is given, requested connections will be authenticated through the specified firewall when connecting.

If the FirewallHost setting is set to a Domain Name, a DNS request is initiated. Upon successful termination of the request, the FirewallHost setting is set to the corresponding address. If the search is not successful, an error is returned.

NOTE: This is the same as Host. This setting is provided for use by components that do not directly expose Firewall properties.

This entry is for IPPort only and does not work for other components that descend from IPPort.

If this entry is set, the component acts as a server. RemoteHost and RemotePort are used to tell the SOCKS firewall in which address and port to listen to. The firewall rules may ignore RemoteHost, and it is recommended that RemoteHost be set to empty string in this case.

RemotePort is the port in which the firewall will listen to. If set to 0, the firewall will select a random port. The binding (address and port) is provided through the ConnectionStatus event.

The connection to the firewall is made by calling the Connect method.

If FirewallHost is specified, the FirewallUser and FirewallPassword settings are used to connect and authenticate to the given firewall. If the authentication fails, the component throws an exception.

NOTE: This is the same as Password. This setting is provided for use by components that do not directly expose Firewall properties.

Note that the FirewallPort is set automatically when FirewallType is set to a valid value.

NOTE: This is the same as Port. This setting is provided for use by components that do not directly expose Firewall properties.

The appropriate values are as follows:

NOTE: This is the same as FirewallType. This setting is provided for use by components that do not directly expose Firewall properties.

If the FirewallHost is specified, the FirewallUser and FirewallPassword settings are used to connect and authenticate to the Firewall. If the authentication fails, the component throws an exception.

NOTE: This is the same as User. This setting is provided for use by components that do not directly expose Firewall properties.

When set, TCPKeepAlive will automatically be set to true. By default the operating system will determine the time a connection is idle before a TCP keep-alive packet is sent. This system default if this value is not specified here is 2 hours. In many cases a shorter interval is more useful. Set this value to the desired interval in milliseconds.

Note: This value is not applicable in Java.

When set, TCPKeepAlive will automatically be set to true. A TCP keep-alive packet will be sent after a period of inactivity as defined by KeepAliveTime. If no acknowledgement is received from the remote host the keep-alive packet will be re-sent. This setting specifies the interval at which the successive keep-alive packets are sent in milliseconds. This system default if this value is not specified here is 1 second.

Note: This value is not applicable in Java or MAC.

This property controls how a connection is closed. The default is True.

In the case that Linger is True (default), there are two scenarios for determining how long the connection will linger. The first, if LingerTime is 0 (default), the system will attempt to send pending data for a connection until the default IP protocol timeout expires.

In the second scenario, LingerTime is a positive value, the system will attempt to send pending data until the specified LingerTime is reached. If this attempt fails, then the system will reset the connection.

The default behavior (which is also the default mode for stream sockets) might result in a long delay in closing the connection. Although the component returns control immediately, the system could hold system resources until all pending data is sent (even after your application closes).

Setting this property to False forces an immediate disconnection. If you know that the other side has received all the data you sent (by a client acknowledgment, for example), setting this property to False might be the appropriate course of action.

LingerTime is the time, in seconds, to leave the socket connection linger. This value is 0 by default, which means it will use the default IP protocol timeout.

The LocalHost setting contains the name of the local host as obtained by the gethostname() system call, or if the user has assigned an IP address, the value of that address.

In multi-homed hosts (machines with more than one IP interface) setting LocalHost to the value of an interface will make the component initiate connections (or accept in the case of server components) only through that interface.

If the component is connected, the LocalHost setting shows the IP address of the interface through which the connection is made in internet dotted format (aaa.bbb.ccc.ddd). In most cases, this is the address of the local host, except for multi-homed hosts (machines with more than one IP interface).

This must be set before a connection is attempted. It instructs the component to bind to a specific port (or communication endpoint) in the local machine.

Setting this to 0 (default) enables the system to choose a port at random. The chosen port will be shown by LocalPort after the connection is established.

LocalPort cannot be changed once a connection is made. Any attempt to set this when a connection is active will generate an error.

This; setting is useful when trying to connect to services that require a trusted port in the client side. An example is the remote shell (rsh) service in UNIX systems.

MaxLineLength is the size of an internal buffer, which holds received data while waiting for an EOL string.

If an EOL string is found in the input stream before MaxLineLength bytes are received, the DataIn event is fired with the EOL parameter set to True, and the buffer is reset.

If no EOL is found, and MaxLineLength bytes are accumulated in the buffer, the DataIn event is fired with the EOL parameter set to False, and the buffer is reset.

The minimum value for MaxLineLength is 256 bytes. The default value is 2048 bytes. The maximum value is 65536 bytes.

This setting can be used to throttle outbound TCP traffic. Set this to the number of bytes to be sent per second. By default this is not set and there is no limit.

If set to a positive value, this setting defines the length of data records to be received. The component will accumulate data until RecordLength is reached and only then fire the DataIn event with data of length RecordLength. This allows data to be received as records of known length. This value can be changed at any time, including within the DataIn event.

The default value is 0, meaning this setting is not used.

If set to true, the socket's keep-alive option is enabled and keep-alive packets will be sent periodically to maintain the connection. Set KeepAliveTime and KeepAliveInterval to configure the timing of the keep-alive packets.

Note: This value is not applicable in Java.

When set to 0 (default), the component will use IPv4 exclusively. When set to 1, the component will use IPv6 exclusively. To instruct the component to prefer IPv6 addresses, but use IPv4 if IPv6 is not supported on the system, this setting should be set to 2. The default value is 0. Possible values are:

This setting determines whether the input or output stream is closed after the transfer completes. When set to True (default), all streams will be closed after a transfer is completed. In order to keep streams open after the transfer of data, set this to False. the default value is True.

When true, the socket will send all data that is ready to send at once. When false, the socket will send smaller buffered packets of data at small intervals. This is known as the Nagle algorithm.

By default, this config is set to false.

This setting specifies the allowed server certificate signature algorithms when UseManagedSecurityAPI is True and SSLEnabledProtocols is set to allow TLS 1.2.

When specified the component will verify that the server certificate signature algorithm is among the values specified in this setting. If the server certificate signature algorithm is unsupported the component throws an exception.

The format of this value is a comma separated list of hash-signature combinations. For instance:

IPPort.Config("UseManagedSecurityAPI=true");
IPPort.Config("SSLEnabledProtocols=3072"); //TLS 1.2
IPPort.Config("TLS12SignatureAlgorithms=sha1-rsa,sha1-dsa,sha256-rsa,sha256-dsa");

In order to not restrict the server's certificate signature algorithm, specify an empty string as the value for this setting, which will cause the signature_algorithms TLS 1.2 extension to not be sent.

If set to true, the component will reuse the context if and only if the following criteria are met:

• The target host name is the same.
• The system cache entry has not expired (default timeout is 10 hours).
• The application process that calls the function is the same.
• The logon session is the same.
• The instance of the component is the same.

This minimum cipher strength largely dependent on the security modules installed on the system. If the cipher strength specified is not supported, an error will be returned when connections are initiated.

Please note that this setting contains the minimum cipher strength requested from the security library. The actual cipher strength used for the connection is shown by the SSLStatus event.

Use this setting with caution. Requesting a lower cipher strength than necessary could potentially cause serious security vulnerabilities in your application.

When the provider is OpenSSL, SSLCipherStrength is currently not supported. This functionality is instead made available through the OpenSSLCipherList config setting.

Used to enable/disable the supported security protocols.

Not all supported protocols are enabled by default (the value of this setting is 4032). If you want more granular control over the enabled protocols, you can set this property to the binary 'OR' of one or more of the following values:

When the provider is OpenSSL, SSLCipherStrength is currently not supported. This functionality is instead made available through the OpenSSLCipherList config setting.

TLS 1.1 and TLS1.2 support are only available starting with Windows 7.

Change this setting to use security providers other than the system default.

Use this setting with caution. Disabling SSL security or pointing to the wrong provider could potentially cause serious security vulnerabilities in your application.

The special value "*" (default) picks the default SSL provider defined in the system.

Note: On Windows systems, the default SSL Provider is "Microsoft Unified Security Protocol Provider" and cannot be changed.

The following flags are defined (specified in hexadecimal notation). They can be or-ed together to exclude multiple conditions:

This functionality is currently not available in Java or when the provider is OpenSSL.

The enabled cipher suites to be used in SSL negotiation.

By default, the enabled cipher suites will include all available ciphers ("*").

The special value "*" means that the component will pick all of the supported cipher suites. If SSLEnabledCipherSuites is set to any other value, only the specified cipher suites will be considered.

Multiple cipher suites are separated by semicolons.

Example values when UseManagedSecurityAPI is False (default):

obj.config("SSLEnabledCipherSuites=*");
obj.config("SSLEnabledCipherSuites=CALG_AES_256");
obj.config("SSLEnabledCipherSuites=CALG_AES_256;CALG_3DES");

• CALG_3DES
• CALG_3DES_112
• CALG_AES
• CALG_AES_128
• CALG_AES_192
• CALG_AES_256
• CALG_AGREEDKEY_ANY
• CALG_CYLINK_MEK
• CALG_DES
• CALG_DESX
• CALG_DH_EPHEM
• CALG_DH_SF
• CALG_DSS_SIGN
• CALG_ECDH
• CALG_ECDH_EPHEM
• CALG_ECDSA
• CALG_ECMQV
• CALG_HASH_REPLACE_OWF
• CALG_HUGHES_MD5
• CALG_HMAC
• CALG_KEA_KEYX
• CALG_MAC
• CALG_MD2
• CALG_MD4
• CALG_MD5
• CALG_NO_SIGN
• CALG_OID_INFO_CNG_ONLY
• CALG_OID_INFO_PARAMETERS
• CALG_PCT1_MASTER
• CALG_RC2
• CALG_RC4
• CALG_RC5
• CALG_RSA_KEYX
• CALG_RSA_SIGN
• CALG_SCHANNEL_ENC_KEY
• CALG_SCHANNEL_MAC_KEY
• CALG_SCHANNEL_MASTER_HASH
• CALG_SEAL
• CALG_SHA
• CALG_SHA1
• CALG_SHA_256
• CALG_SHA_384
• CALG_SHA_512
• CALG_SKIPJACK
• CALG_SSL2_MASTER
• CALG_SSL3_MASTER
• CALG_SSL3_SHAMD5
• CALG_TEK
• CALG_TLS1_MASTER
• CALG_TLS1PRF

obj.config("SSLEnabledCipherSuites=*");
obj.config("SSLEnabledCipherSuites=TLS_DHE_DSS_WITH_AES_128_CBC_SHA");
obj.config("SSLEnabledCipherSuites=TLS_DHE_DSS_WITH_AES_128_CBC_SHA;TLS_DH_ANON_WITH_AES_128_CBC_SHA");

• TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA
• TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA
• TLS_DH_ANON_WITH_AES_128_CBC_SHA
• TLS_DH_ANON_WITH_AES_128_CBC_SHA256
• TLS_DH_ANON_WITH_AES_256_CBC_SHA
• TLS_DH_ANON_WITH_AES_256_CBC_SHA256
• TLS_DH_ANON_WITH_DES_CBC_SHA
• TLS_DH_ANON_WITH_RC4_128_MD5
• TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
• TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
• TLS_DHE_DSS_WITH_AES_128_CBC_SHA
• TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
• TLS_DHE_DSS_WITH_AES_256_CBC_SHA
• TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
• TLS_DHE_DSS_WITH_DES_CBC_SHA
• TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
• TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
• TLS_DHE_RSA_WITH_AES_128_CBC_SHA
• TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
• TLS_DHE_RSA_WITH_AES_256_CBC_SHA
• TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
• TLS_DHE_RSA_WITH_DES_CBC_SHA
• TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
• TLS_RSA_WITH_3DES_EDE_CBC_SHA
• TLS_RSA_WITH_AES_128_CBC_SHA
• TLS_RSA_WITH_AES_128_CBC_SHA256
• TLS_RSA_WITH_AES_256_CBC_SHA
• TLS_RSA_WITH_AES_256_CBC_SHA256
• TLS_RSA_WITH_DES_CBC_SHA
• TLS_RSA_WITH_RC4_128_MD5
• TLS_RSA_WITH_RC4_128_SHA

SSLEnabledCipherSuites is used together with SSLCipherStrength.

Note: This configuration setting is available only in .NET and Java.

If AbsoluteTimeout is set to True, any method which does not complete within Timeout seconds will be aborted. By default, AbsoluteTimeout is False, and the timeout is an inactivity timeout.

Note: This option is not valid for UDP ports.

When the firewall is a tunneling proxy, use this property to send custom (additional) headers to the firewall (e.g. headers for custom authentication schemes).

This is the size of an internal queue in the TCP/IP stack. You can increase or decrease its size depending on the amount of data that you will be receiving. Increasing the value of the InBufferSize setting can provide significant improvements in performance in some cases.

Some TCP/IP implementations do not support variable buffer sizes. If that is the case, when the component is activated the InBufferSize reverts to its defined size. The same happens if you attempt to make it too large or too small.

This is the size of an internal queue in the TCP/IP stack. You can increase or decrease its size depending on the amount of data that you will be sending. Increasing the value of the OutBufferSize setting can provide significant improvements in performance in some cases.

Some TCP/IP implementations do not support variable buffer sizes. If that is the case, when the component is activated the OutBufferSize reverts to its defined size. The same happens if you attempt to make it too large or too small.

In a GUI-based application, long-running blocking operations may cause the application to stop responding to input until the operation returns. The component will attempt to discover whether or not the application has a message loop and, if one is discovered, it will process events in that message loop during any such blocking operation.

In some non-GUI applications an invalid message loop may be discovered that will result in errant behavior. In these cases, setting GuiAvailable to false will ensure that the component does not attempt to process external events.

If set to True, when the component creates a thread the thread's IsBackground property will be explicitly set to True. By default this setting is False.

By default the component will use the system security libraries to perform cryptographic functions. This means calls to unmanaged code will be made. In certain environments this is not desirable. To use a completely managed security implementation set this setting to True. Setting this to True tells the component to use the internal managed implementation instead of using the system's security API.

Note that when this value is set the product's system dll is no longer required as a reference, as all unmanaged code is stored in this file.