OFTPServer Configuration
The component accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the component, access to these internal properties is provided through the Config method.OFTPServer Configuration Settings
AllowRetry[ConnectionId]: Whether to send a retry indicator when rejecting a file.When rejecting a file from within the AcceptFile event if this setting is set to True the component will send a retry
indicator value to the client to specify the file may be retried later.
This should be set from within the AcceptFile event. For instance:
component.Config("AllowRetry[" + e.ConnectionId + "]");
When set to False (default) the component will send a value indicating the client should not retry the send operation.
| |||||||||||||||||||||||||
ChangeDirection[ConnectionId]: Issues the Change Direction command when set.This setting sends a Change Direction (CD) command to the client when set. In normal operation this should
not be used. This should only be used if a condition arises where you must manually change the speaker when
communicating with the client. For instance:
component.Config("ChangeDirection[" + e.ConnectionId + "]");
| |||||||||||||||||||||||||
| CDAfterSendEndResponse: Whether to issue a CD command after sending an asynchronous EERP.By default the component will send a CD command after sending an asynchronous EERP and getting back a RTR (Ready to Receive) response. This gives control of the connection back to the client. If sending multiple asynchronous EERPs set this to False. After sending all of the EERPs use the ChangeDirection[ConnectionId]; setting to explicitly change the speaker for the connection if desired. | |||||||||||||||||||||||||
TempPath[ConnectionId]: The path of a directory where temporary files will be created.Under certain conditions, the component will create temporary files before processing a file.
The location of the temporary files is determined by this setting. Temporary files are created
when sending a file to the client if any of the following conditions are true.
Note that VirtualFileSecurityLevel is only applicable when Version is set to oftpVer20. This configuration setting can be set with or without a ConnectionId specified. When the ConnectionId is specified, this will cause temporary files for that connection to be written to the specified directory. Otherwise, if no ConnectionId is specified, temporary files for all connections will be written to the given folder. | |||||||||||||||||||||||||
| KeepAlive: This property enables the SO_KEEPALIVE option on the incoming connections. This option prevents long connections from timing out in case of inactivity.The default value is False. When True, KEEPALIVE packets are enabled (for long connections).
Please note that system TCP/IP stack implementations are not required to support SO_KEEPALIVE. This property is shared among incoming connections. When the property is set, the corresponding value is set for incoming connections as they are accepted. Existing connections are not modified. | |||||||||||||||||||||||||
| Linger: This property controls how a connection is closed. The default is True. In this case the connection is closed only after all the data is sent. Setting it to False forces an abrupt (hard) disconnection. Any data that was in the sending queue may be lost.When set to True, connections are terminated gracefully.
The default behavior (which is also the default mode for stream sockets) might result in an indefinite delay in closing the connection. Although the component returns control immediately, the system might indefinitely hold system resources until all pending data is sent (even after your application closes). This means that valuable system resources might be wasted. Setting this property to False forces an immediate disconnection. If you know that the other side has received all the data you have sent (by a client acknowledgment, for example), setting this property to False might be the appropriate course of action. This property is shared among incoming connections. When the property is set, the corresponding value is set for incoming connections as they are accepted. Existing connections are not modified. | |||||||||||||||||||||||||
| ConnectionType[ConnectionId]: Specifies the type of connection that will be created.Specifies the type of connection that is created.
The default value is 0 (Both) in which the component can both send and receive files. However you can limit
the component to only be able to send or receive files by specifying a value of 1 (Send Only) or 2 (Receive Only).
This may be set within the AcceptConnection event. It only applies to the connection parameters sent by the server to the client. It does not return the value sent by the client to the server. Valid values are:
component.Config("ConnectionType[" + e.ConnectionId + "]=1");
To check the value sent by the client to the server query ReceivedConnectionType[ConnectionId]; instead.
| |||||||||||||||||||||||||
| CreditCount[ConnectionId]: Specifies the maximum credit value.This setting defines the maximum credit value to be sent in the initial connection (SSID command). The default
value is 99 and the maximum value is 999. This setting may be
used within the AcceptConnection event. Querying this setting inside the event will return the value provided by the
connecting client. You may set this value within the event to specify the credit count that will be sent
to the client.
When establishing a connection the smaller of the two values provided by the client and the server will be used. This setting may also be queried after a connection is established to determine the negotiated value. For instance:
string receivedCreditCount = component.Config("CreditCount[" + e.ConnectionId + "]");
component.Config("CreditCount[" + e.ConnectionId + "]=55");
| |||||||||||||||||||||||||
| ExchangeBufferSize[ConnectionId]: Specifies the data exchange buffer size in bytes.This setting defines the data exchange buffer size to be sent in the initial connection (SSID command) in bytes.
The default value is 2048. This setting may be
used within the AcceptConnection event. Querying this setting inside the event will return the value provided by the
connecting client. You may set this value within the event to specify the data exchange buffer size that will be sent
to the client.
When establishing a connection the smaller of the two values provided by the client and the server will be used. This setting may also be queried after a connection is established to determine the negotiated value. For instance:
string receivedExchangeBufferSize = component.Config("ExchangeBufferSize[" + e.ConnectionId + "]");
component.Config("ExchangeBufferSize[" + e.ConnectionId + "]=1024");
| |||||||||||||||||||||||||
| FileDescription[ConnectionId]: Additional description information sent with the file.When sending a file this setting may be set to specify additional information. There is no restriction on the type
of data supplied here. It may be set to a longer filename, or simply additional text data that you wish to pass to
the receiver. The data supplied will be UTF-8 encoded by the component.
The maximum length is 999 bytes (after UTF-8 encoding).
This setting is only applicable when sending files.
For instance:
component.Config("FileDescription[myConnectionId]=My File Description");
To obtain the FileDescription when receiving files use ReceivedFileDescription[ConnectionId]; instead.
| |||||||||||||||||||||||||
| ReceivedConnectionType[ConnectionId]: Returns the connection type specified by the client.This setting returns the connection type specified by the client. It may be queried to determine the type
of connection requested by the client.
This setting returns the type of connection being created. This may be queried within the AcceptConnection event or any time after. It only applies to the connection parameters sent by the client to the server. Valid values are:
For instance:
string receivedConnectionType = component.Config("ReceivedConnectionType[" + e.ConnectionId + "]");
| |||||||||||||||||||||||||
| ReceivedFileDescription[ConnectionId]: Additional description information received with the file.Query this setting after receiving a file to obtain any additional information provided by the client.
The data will be UTF-8 decoded by the component.
For instance:
string receivedFileDescription = component.Config("ReceivedFileDescription[" + e.ConnectionId + "]");
| |||||||||||||||||||||||||
| ReceivedFileName[ConnectionId]: Returns the name of the received file.This setting may be queried inside the EndTransfer event to obtain the name of the received file on disk. This includes the full path to the file on disk. | |||||||||||||||||||||||||
| Retry[ConnectionId]: Indicates whether the recipient allows the send to be retried.When sending files the recipient may reject the file for a number of reasons. The recipient may indicate that the operation can be re-attempted later. Query this setting after a send attempt was rejected to determine if the recipient allows retries. This setting will return either True or False. | |||||||||||||||||||||||||
| ServerPassword[ConnectionId]: Sets or gets the ServerPassword for a particular connection.This setting may be used to override the default ServerPassword. This allows for different ServerPasswords to be used for different connected clients. This can be changed at any time, for instance within the AcceptConnection. | |||||||||||||||||||||||||
| ServerSFIDCode[ConnectionId]: Sets or gets the ServerSFIDCode for a particular connection.This setting may be used to override the default ServerSFIDCode when calling SendFile. This allows for different ServerSFIDCodes to be used for different connected clients. This can be changed at any time prior to calling SendFile. When receiving files this will be populated with the ServerSFIDCode received from the client. | |||||||||||||||||||||||||
| ServerSSIDCode[ConnectionId]: Sets the ServerSSIDCode for a particular connection.This setting may be used to override the default ServerSSIDCode. This allows for different ServerSSIDCodes to be used for different connected clients. This can be set from within the AcceptConnection event. | |||||||||||||||||||||||||
CertificateStoreType[ConnectionId]: The type of certificate store.This specifies the type of certificate store. This is used when specifying an alternative Certificate for the specified connection. Possible values are:
| |||||||||||||||||||||||||
| CertificateStore[ConnectionId]: The name of the certificate store.The name of the certificate store. This is used when specifying an alternative Certificate for the specified connection.
The CertificateStoreType specifies the type of the certificate store specified by CertificateStore. If the store is password protected, specify the password in CertificateStorePassword. CertificateStore is used in conjunction with the CertificateSubject field in order to specify the certificate. Designations of certificate stores are platform-dependent. The following are designations of the most common User and Machine certificate stores in Windows:
In Java, the certificate store normally is a file containing certificates and optional private keys. When the certificate store type is PFXFile, this property must be set to the name of the file. When the type is PFXBlob, the property must be set to the binary contents of a PFX file (i.e. PKCS12 certificate store). If the provider is OpenSSL, the certificate store is a file containing a certificate and a private key. This property must be set to the name of the file. | |||||||||||||||||||||||||
| CertificateStorePassword[ConnectionId]: The certificate password.If the certificate store is of a type that requires a password, this property is used to specify that password in order to open the certificate store. This is used when specifying an alternative Certificate for the specified connection. | |||||||||||||||||||||||||
| CertificateSubject[ConnectionId]: The certificate subject.The subject of the certificate. This is used when specifying an alternative Certificate for the specified connection.
The special value "*" picks a random certificate in the certificate store. The certificate subject is a comma separated list of distinguished name fields and values. For instance "CN=www.server.com, OU=test, C=US, E=support@nsoftware.com". Common fields and their meanings are displayed below.
If a field value contains a comma it must be quoted. | |||||||||||||||||||||||||
CertificateType[ConnectionId]: Specifies the type of certificate being supplied.By default the component will use the alternate certificate specified by the CertificateSubject setting
for all operations that require a certificate. This setting allows for different certificates to be set for specific operations.
First, specify the CertificateType via this setting and then set the Certificate* configuration settings. For instance:
component.Config("CertificateType[ConnectionId]=3");
component.Config("CertificateStoreType[ConnectionId]=2");
component.Config("CertificateStore[ConnectionId]=C:\\mycert.pfx");
component.Config("CertificateStorePassword[ConnectionId]=password");
component.Config("CertificateSubject[ConnectionId]=*");
Possible values are:
| |||||||||||||||||||||||||
| FriendlyLogFormat: Determines if a more friendly format is applied to PITrail event out.This setting effects the content of the Data parameter of the PITrail event. By default this setting is true and a format designed to be more easily read is used. If set to false the Data parameter will hold the raw unformatted protocol level content. | |||||||||||||||||||||||||
| FailOnUntrustedCert: Whether or not to throw an exception when untrusted certificates are used.When TrustedCerts is populated the component will validate that loaded certificates were issued by a trusted CA in TrustedCerts. This setting controls the behavior when an untrusted certificate is found. By default this value is True and the component will throw an exception. If this is set to False the component will fire the Error event but the error will not be fatal and the operation will be allowed to continue. | |||||||||||||||||||||||||
FollowRedirects: Determines behavior when importing trusted certificates and a HTTP redirect is returned.When TrustedCertsData holds a URL and ImportTrustedCerts is called the component
makes a HTTP request to obtain the trusted certificates. If the server returns a HTTP redirect this setting
specifies how the component will handle it. Possible values are:
| |||||||||||||||||||||||||
| TrustedCertsData: Specifies the source to be used when importing trusted certificates.When ImportTrustedCerts is called it will attempt to import certificates from the location specified here. By default this is the URL provided by Odette (http://www.odette.org/tsl/tsl_oftp2.xml). This is the live list of CA certificates hosted by Odette. This may also be set to an absolute file path to load certificates from an offline source, or a string value containing the trusted CA certificates. | |||||||||||||||||||||||||
| VirtualFileDateFormat: The DateTime format of received files.This setting specifies the DateTime format used by the component when reporting the VirtualFileDate of received files.
The default format is "MM/dd/yyyy HH:mm:ss".
When using OFTP v2.0 If the component is configured to respond to EERP and NERP messages asynchronously this should be set to the value "yyyyMMddHHmmssffff" or a similar format that includes the same level of accuracy. This is required to ensure that when calling SendEndResponse the value saved from within the EndTransfer event has the necessary data when sending a response. | |||||||||||||||||||||||||
ReceivedFileNameFormat: The name format of received files.This setting specifies the format used when determining the local filename of a received file. The use of macros
is supported to provide flexibility. This setting may include one or more of the following values:
The '%VirtualFileDate%' macro also supports date formatting through the use of an optional DateTime format string. The format of the macro with the date format string included is:
| |||||||||||||||||||||||||
CertificateType: Specifies the type of certificate being supplied.By default the component will use the certificate set in the Certificate property for all operations
that require a certificate. This setting allows for different certificates to be set for specific operations.
First, specify the CertificateType via this setting and then set the Certificate property. For instance:
component.Config("CertificateType=3");
component.Certificate = mySigningCertificate;
Possible values are:
| |||||||||||||||||||||||||
RecipientCertificateType: Specifies the type of recipient certificate being supplied.By default the component will use the certificate set in the RecipientCert property for all operations
that require a certificate. This setting allows for different certificates to be set for specific operations.
First, specify the RecipientCertificateType via this setting and then set the RecipientCert property. For instance:
component.Config("RecipientCertificateType=3");
component.RecipientCert = mySignatureVerificationCertificate;
Possible values are:
| |||||||||||||||||||||||||
| ExchangeCertStoreType: Specifies the store type when loading a certificate to be exchanged.This specifies the certificate store type when loading a certificate that will be sent to the remote party.
This is only applicable when calling ExchangeCertificate. The default value is "8" which indicates the certificate
will be loaded from a file on disk. When the certificate is not in a .cer format or is located in the Windows certificate
store this setting should be set to the appropriate value before calling ExchangeCertificate.
For a list of possible values please see StoreType. Also see ExchangeCertSubject. | |||||||||||||||||||||||||
| ExchangeCertSubject: The subject of the certificate being exchanged.This specifies the subject of the certificate being exchanged. This will be used to load the appropriate certificate when ExchangeCertificate is called. This is used in conjunction with ExchangeCertStoreType and is only necessary when loading a certificate from a store that may hold more than one certificate (such as a Windows certificate store). | |||||||||||||||||||||||||
| DisconnectAfterEndSession: Determines if the connection is closed immediately after ending the session.By default when Logoff is called the component will close the TCP connection after ending the session (the ESID command is sent). To let the other side close the connection after it has received the end session command (ESID), set this to False. | |||||||||||||||||||||||||
| FireEndResponseOnSend: Determines if the EndResponse event is fired for outgoing EERP and NERPs.If set to True the component will fire the EndResponse event for both sent and received end responses. The default value is False and the EndResponse event will fire only for received (incoming) end responses. The Direction parameter of EndResponse determines if the end response is being sent or received. | |||||||||||||||||||||||||
| DeleteOnError: Whether received files are deleted when there is an error during processing.By default this value is True. When set to False and receiving a file, if the file is encrypted, signed, or compressed the file will be decrypted, verified,
or decompressed. If there is an error during processing the original unprocessed file will be placed in
DownloadDirectory. In that case you may choose what to do with the file based on the error reported during processing.
When this is set to True (default) and there is an error during processing the original unprocessed file will be deleted and no files will be placed in DownloadDirectory. | |||||||||||||||||||||||||
| SendCDAfterEFPA: Specifies whether a CD is always sent after receiving an EFPA.When sending a file the recipient will respond with an EFPA once the file is received. Within this response is an indicator
which tells the sender whether to issue a CD (Change Direction) command.
The indicator is read by the component and a CD command is sent if requested. If a CD is not requested then no CD is sent.
When set to True, this overrides the default behavior and will always send a CD command regardless of whether the indicator is set in the EFPA. This should only be set if there is a specific reason to do so. In most cases it is not necessary. |
IPDaemon Configuration Settings
| BindExclusively: Whether or not the component considers a local port reserved for exclusive use. If this is true (default), the component will bind to the local port with the ExclusiveAddressUse option set, meaning that nothing else can bind to the same port. Also the component will not be able to bind to local ports that are already in use by some other instance and attempts to do so will result in failure. | |||||||
| InBufferSize: The size in bytes of the incoming queue of the socket.
This is the size of an internal queue in the TCP/IP stack.
You can increase or decrease its size depending on the amount
of data that you will be receiving. Increasing the value of the
InBufferSize setting can provide significant improvements in
performance in some cases.
Some TCP/IP implementations do not support variable buffer sizes. If that is the case, when the component is activated the InBufferSize reverts to its defined size. The same happens if you attempt to make it too large or too small. InBufferSize is shared among incoming connections. When the property is set, the corresponding value is set for incoming connections as they are accepted. Existing connections are not modified. | |||||||
| MaxConnections: The maximum number of connections available. The maximum number of connections available. This property must be set before Listening is set to True, and once set, it can no longer be changed for the current instance of the component. The maximum value for this setting is 100,000 connections. Use this setting with caution. Extremely large values may impact performance. | |||||||
| OutBufferSize: The size in bytes of the outgoing queue of the socket.This is the size of an internal queue in the TCP/IP stack.
You can increase or decrease its size depending on the amount
of data that you will be sending. Increasing the value of the
OutBufferSize setting can provide significant improvements in
performance in some cases.
Some TCP/IP implementations do not support variable buffer sizes. If that is the case, when the component is activated the OutBufferSize reverts to its defined size. The same happens if you attempt to make it too large or too small. OutBufferSize is shared among incoming connections. When the property is set, the corresponding value is set for incoming connections as they are accepted. Existing connections are not modified. | |||||||
| KeepAliveTime: The inactivity time in milliseconds before a TCP keep-alive packet is sent.By default the operating system will determine the
time a connection is idle before a TCP keep-alive packet is sent. This system default if this value is not specified here is 2 hours. In many
cases a shorter interval is more useful. Set this value to the desired interval in milliseconds.
This setting is applicable to all connections.
Note: This value is not applicable in Java. | |||||||
| KeepAliveInterval: The retry interval, in milliseconds, to be used when a TCP keep-alive packet is sent and no response is received.A TCP keep-alive packet will be sent after a period of inactivity as
defined by KeepAliveTime. If no acknowledgement is received from the remote host the keep-alive packet
will be re-sent. This setting specifies the interval at which the successive keep-alive packets are sent in milliseconds.
This system default if this value is not specified here is 1 second.
This setting is applicable to all connections.
Note: This value is not applicable in Java or MAC. | |||||||
| RecordLength[ConnectionId]: The length of received data records.If set to a positive value, this setting defines the length of data records to be received. The component will accumulate data
until RecordLength is reached and only then fire the DataIn event with data of length RecordLength.
This allows data to be received as records of known length. This value can be changed at any time, including within the DataIn event.
The default value is 0, meaning this setting is not used. "ConnectionId" specifies the connection to which the setting applies. | |||||||
UseIPv6: Whether to use IPv6.When set to 0 (default), the component will use IPv4 exclusively.
When set to 1, the component will use IPv6 exclusively. When set to 2, the component will listen for both IPv4 and IPv6 connections. If IPv6 is not available on the system, only IPv4 will be used. The default value is 0.
Possible values are:
| |||||||
| TcpNoDelay: Whether or not to delay when sending packets.
When true, the socket will send all data that is ready to send at once. When
false, the socket will send smaller buffered packets of data at small intervals.
This is known as the Nagle algorithm.
By default, this config is set to false. | |||||||
| CloseStreamAfterTransfer: If true, the component will close the upload or download stream after the transfer.This setting determines whether the input or output stream is closed after the transfer completes. When set to True (default), all streams will be closed after a transfer is completed. In order to keep streams open after the transfer of data, set this to False. the default value is True. |
SSL Configuration Settings
| ReuseSSLSession: Determines if the SSL session is reused.
If set to true, the component will reuse the context if and only if the following criteria are met:
| |||||||||||||||||||||||||
| SSLCipherStrength: The minimum cipher strength used for bulk encryption.
This minimum cipher strength largely dependent on the security modules installed
on the system. If the cipher strength specified is not supported,
an error will be returned when connections are initiated.
Please note that this setting contains the minimum cipher strength requested from the security library. The actual cipher strength used for the connection is shown by the SSLStatus event. Use this setting with caution. Requesting a lower cipher strength than necessary could potentially cause serious security vulnerabilities in your application. When the provider is OpenSSL, SSLCipherStrength is currently not supported. This functionality is instead made available through the OpenSSLCipherList config setting. | |||||||||||||||||||||||||
| SSLEnabledProtocols: Used to enable/disable the supported security protocols.Used to enable/disable the supported security protocols.
Not all supported protocols are enabled by default (the value of this setting is 4032). If you want more granular control over the enabled protocols, you can set this property to the binary 'OR' of one or more of the following values:
When the provider is OpenSSL, SSLCipherStrength is currently not supported. This functionality is instead made available through the OpenSSLCipherList config setting. TLS 1.1 and TLS1.2 support are only available starting with Windows 7. | |||||||||||||||||||||||||
| SSLProvider: The name of the security provider to use.
Change this setting to use security providers other than the system default.
Use this setting with caution. Disabling SSL security or pointing to the wrong provider could potentially cause serious security vulnerabilities in your application. The special value "*" (default) picks the default SSL provider defined in the system. Note: On Windows systems, the default SSL Provider is "Microsoft Unified Security Protocol Provider" and cannot be changed. | |||||||||||||||||||||||||
SSLSecurityFlags: Flags that control certificate verification.The following flags are defined (specified in hexadecimal
notation). They can be or-ed together to exclude multiple
conditions:
This functionality is currently not available in Java or when the provider is OpenSSL. | |||||||||||||||||||||||||
| SSLEnabledCipherSuites: The cipher suite to be used in an SSL negotiation.The enabled cipher suites to be used in SSL negotiation.
By default, the enabled cipher suites will include all available ciphers ("*"). The special value "*" means that the component will pick all of the supported cipher suites. If SSLEnabledCipherSuites is set to any other value, only the specified cipher suites will be considered. Multiple cipher suites are separated by semicolons. Example values when UseManagedSecurityAPI is False (default):
obj.config("SSLEnabledCipherSuites=*");
obj.config("SSLEnabledCipherSuites=CALG_AES_256");
obj.config("SSLEnabledCipherSuites=CALG_AES_256;CALG_3DES");
Possible values when UseManagedSecurityAPI is False (default) include:
obj.config("SSLEnabledCipherSuites=*");
obj.config("SSLEnabledCipherSuites=TLS_DHE_DSS_WITH_AES_128_CBC_SHA");
obj.config("SSLEnabledCipherSuites=TLS_DHE_DSS_WITH_AES_128_CBC_SHA;TLS_DH_ANON_WITH_AES_128_CBC_SHA");
Possible values when UseManagedSecurityAPI is True include:
SSLEnabledCipherSuites is used together with SSLCipherStrength. Note: This configuration setting is available only in .NET and Java. |
Base Configuration Settings
| GUIAvailable: Tells the component whether or not a message loop is available for processing events.
In a GUI-based application, long-running blocking operations may cause the application to stop responding to input until the operation returns. The component will attempt to discover whether or not the application has a message loop and, if one is discovered, it will process events in that message loop during any such blocking operation.
In some non-GUI applications an invalid message loop may be discovered that will result in errant behavior. In these cases, setting GuiAvailable to false will ensure that the component does not attempt to process external events. | |
| UseBackgroundThread: Whether threads created by the component are background threads.If set to True, when the component creates a thread the thread's IsBackground property will be explicitly set to True. By default this setting is False. | |
| UseManagedSecurityAPI: Tells the component whether or not to use the system security libraries or a managed implementation.
By default the component will use the system security libraries to perform cryptographic functions. This means
calls to unmanaged code will be made. In certain environments this is not desirable. To use a completely managed security
implementation set this setting to True. Setting this to True tells the component to use the internal managed implementation
instead of using the system's security API.
Note that when this value is set the product's system dll is no longer required as a reference, as all unmanaged code is stored in this file. |