S3 Configuration

If true, the file on the server will be deleted in accordance with the option selected in DeleteMode even if the message is suspended.

The default value is False.

If an error occurs after an upload has started, the partial upload may remain on the remote server after the error is handled. If this setting is True, the send adapter will delete the partial upload while handling the error. The default value is False.

This is only applicable to the send adapter.

Bucket name restrictions are enforced by default. This configuration settings allows you to override the adapter's validation, and set the Bucket property with any arbitrary string. The following restrictions are enforced:

• Bucket names can contain lowercase letters, numbers, periods, underscores, and dashes.
• Bucket names must start with a number or letter.
• Bucket names must be between 3 and 63 characters long.
• Bucket names should not end with a dash.
• Bucket names cannot contain two adjacent periods.
• Bucket names cannot contain dashes next to periods.
• Bucket names must not be formatted as an IP address (eg: 192.168.5.4).

If set to True the component will include the MD5 digest of the object data when creating an object. The host will use this value to verify the data was not corrupted during transfer. The default value is False.

You may use this setting to specify a region as a location constraint for newly created buckets and objects.

Setting the location constraint will automatically set the value of URL to match.

Region Values:

Used by the ListObjects operation. The keys that contain the same string between the ObjectPrefix and the first occurrence of ObjectDelimiter will be rolled up into a single result element.

Used by the ListObjects operation. When set, only the objects that are lexically after the marker are listed. This option, in conjunction with the MaxObjects option can be used for pagination.

Used by the ListObjects operation to filter the list of returned objects. This can be set to a prefix for the objects to be returned within the specified Bucket.

The maximum number of objects to be returned by the ListObjects operation. The default value is -1, which does not send the server a limit on the amount to return.

If set to True (default), the adapter will continue to processing if the server indicates that the results are paged during a ReceiveObject, ListObjects, or DeleteObjects operation. If set to False, the adapter will only process the first page of results returned from the server.

When using temporary credentials, AWS requires you to send the session token provided with the temporary access and secret key in every request.

Setting this option on the adapter allows you to control the storage class of an uploaded object. Valid options are:

By default, the adapter uses the Amazon URL for the service. Setting this config will override this value.

When the adapter is running within an Amazon EC2 instance, this setting can be set to true in order to automatically authenticate requests as the IAM role attached to the instance using temporary credentials obtained from the EC2 instance itself.

In order for the adapter to be able to auto-obtain authentication credentials, the EC2 instance must have an "instance profile" with an appropriate IAM role attached to it. Refer to the "Using an IAM Role to Grant Permissions to Applications Running on Amazon EC2 Instances" page in the Amazon IAM documentation for more information.

By default, this setting is false. When set to true the adapter will do the following before each request:

1. Make a request against the EC2 instance to get the name of the role attached to it.
2. Make a request against the EC2 instance to obtain temporary security credentials for IAM role returned in the previous call.
3. Parse the response, automatically populating the AccessKey and SecretKey properties.
4. Execute the original request using the temporary security credentials that were acquired.

When using this setting, set the AccessKey and SecretKey properties to dummy values (e.g., "DUMMY").

By default, this config is set to false. At the time of object creation, that is, when you are uploading a new object or making a copy of an existing object, you can specify if you want Amazon S3 to encrypt your data with AES256.

If set to true, the adapter will reuse the context if and only if the following criteria are met:

• The target host name is the same.
• The system cache entry has not expired (default timeout is 10 hours).
• The application process that calls the function is the same.
• The logon session is the same.
• The instance of the adapter is the same.

This minimum cipher strength largely dependent on the security modules installed on the system. If the cipher strength specified is not supported, an error will be returned when connections are initiated.

Please note that this setting contains the minimum cipher strength requested from the security library.

Use this setting with caution. Requesting a lower cipher strength than necessary could potentially cause serious security vulnerabilities in your application.

Used to enable/disable the supported security protocols.

Not all supported protocols are enabled by default (the value of this setting is 4032). If you want more granular control over the enabled protocols, you can set this property to the binary 'OR' of one or more of the following values:

Note: TLS 1.1 and TLS1.2 support are only available starting with Windows 7.

Note: Enabling TLS 1.3 will automatically set UseInternalSecurityAPI to True.

This setting specifies whether the transport log contains the full certificate chain. By default this value is False and only the leaf certificate will be present.

If set to True all certificates returned by the server will be present in the transport log. This includes the leaf certificate, any intermediate certificate, and the root certificate.

Note: When UseInternalSecurityAPI is set to True this value is automatically set to True. This is needed for proper validation when using the internal provider.

The following flags are defined (specified in hexadecimal notation). They can be or-ed together to exclude multiple conditions:

The enabled cipher suites to be used in SSL negotiation.

By default, the enabled cipher suites will include all available ciphers ("*").

The special value "*" means that the adapter will pick all of the supported cipher suites. If SSLEnabledCipherSuites is set to any other value, only the specified cipher suites will be considered.

Multiple cipher suites are separated by semicolons.

Example values when UseInternalSecurityAPI is False (default):

// The "Other" property could contain ONE of the following lines:
SSLEnabledCipherSuites=*
SSLEnabledCipherSuites=CALG_AES_256
SSLEnabledCipherSuites=CALG_AES_256;CALG_3DES

• CALG_3DES
• CALG_3DES_112
• CALG_AES
• CALG_AES_128
• CALG_AES_192
• CALG_AES_256
• CALG_AGREEDKEY_ANY
• CALG_CYLINK_MEK
• CALG_DES
• CALG_DESX
• CALG_DH_EPHEM
• CALG_DH_SF
• CALG_DSS_SIGN
• CALG_ECDH
• CALG_ECDH_EPHEM
• CALG_ECDSA
• CALG_ECMQV
• CALG_HASH_REPLACE_OWF
• CALG_HUGHES_MD5
• CALG_HMAC
• CALG_KEA_KEYX
• CALG_MAC
• CALG_MD2
• CALG_MD4
• CALG_MD5
• CALG_NO_SIGN
• CALG_OID_INFO_CNG_ONLY
• CALG_OID_INFO_PARAMETERS
• CALG_PCT1_MASTER
• CALG_RC2
• CALG_RC4
• CALG_RC5
• CALG_RSA_KEYX
• CALG_RSA_SIGN
• CALG_SCHANNEL_ENC_KEY
• CALG_SCHANNEL_MAC_KEY
• CALG_SCHANNEL_MASTER_HASH
• CALG_SEAL
• CALG_SHA
• CALG_SHA1
• CALG_SHA_256
• CALG_SHA_384
• CALG_SHA_512
• CALG_SKIPJACK
• CALG_SSL2_MASTER
• CALG_SSL3_MASTER
• CALG_SSL3_SHAMD5
• CALG_TEK
• CALG_TLS1_MASTER
• CALG_TLS1PRF

// The "Other" property could contain ONE of the following lines:
SSLEnabledCipherSuites=*
SSLEnabledCipherSuites=TLS_DHE_DSS_WITH_AES_128_CBC_SHA
SSLEnabledCipherSuites=TLS_DHE_DSS_WITH_AES_128_CBC_SHA;TLS_DH_ANON_WITH_AES_128_CBC_SHA

• TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
• TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
• TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
• TLS_DHE_DSS_WITH_AES_128_CBC_SHA
• TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
• TLS_DHE_DSS_WITH_AES_256_CBC_SHA
• TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
• TLS_DHE_DSS_WITH_DES_CBC_SHA
• TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
• TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
• TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
• TLS_DHE_RSA_WITH_AES_128_CBC_SHA
• TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
• TLS_DHE_RSA_WITH_AES_256_CBC_SHA
• TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
• TLS_DHE_RSA_WITH_DES_CBC_SHA
• TLS_RSA_WITH_AES_256_GCM_SHA384
• TLS_RSA_WITH_AES_128_GCM_SHA256
• TLS_RSA_WITH_3DES_EDE_CBC_SHA
• TLS_RSA_WITH_AES_128_CBC_SHA
• TLS_RSA_WITH_AES_128_CBC_SHA256
• TLS_RSA_WITH_AES_256_CBC_SHA
• TLS_RSA_WITH_AES_256_CBC_SHA256
• TLS_RSA_WITH_DES_CBC_SHA
• TLS_RSA_WITH_RC4_128_MD5
• TLS_RSA_WITH_RC4_128_SHA

If SSLEnabledProtocols is configured to use TLS 1.3 the following values are supported:

• TLS_AES_128_GCM_SHA256
• TLS_AES_256_GCM_SHA384

SSLEnabledCipherSuites is used together with SSLCipherStrength.

This setting specifies the allowed server certificate signature algorithms when UseInternalSecurityAPI is True and SSLEnabledProtocols is set to allow TLS 1.2.

When specified the adapter will verify that the server certificate signature algorithm is among the values specified in this setting. If the server certificate signature algorithm is unsupported the adapter will fail with an error.

The format of this value is a comma separated list of hash-signature combinations. For instance:

// The "Other" could contain ALL of these lines:
UseInternalSecurityAPI=true
SSLEnabledProtocols=3072
TLS12SignatureAlgorithms=sha1-rsa,sha1-dsa,sha256-rsa,sha256-dsa

In order to not restrict the server's certificate signature algorithm, specify an empty string as the value for this setting, which will cause the signature_algorithms TLS 1.2 extension to not be sent.

This setting specifies a comma separated list of (EC)DHE groups that are supported for key exchange. The values are ordered from most preferred to least preferred. The following values are supported:

• "ecdhe_secp256r1" (default)
• "ecdhe_secp384r1" (default)
• "ecdhe_secp521r1"
• "ffdhe_2048" (default)
• "ffdhe_3072" (default)
• "ffdhe_4096"
• "ffdhe_6144"
• "ffdhe_8192"

The default value is ecdhe_secp256r1,ecdhe_secp384r1,ffdhe_2048,ffdhe_3072. This setting is only applicable when SSLEnabledProtocols includes TLS 1.3. Note that groups of larger size require more computational resources and will impact performance.

This setting holds a comma separated list of allowed signature algorithms. Possible values are:

• "rsa_pkcs1_sha256" (default)
• "rsa_pkcs1_sha384" (default)
• "rsa_pkcs1_sha512" (default)

If AbsoluteTimeout is set to True, any method which does not complete within Timeout seconds will be aborted. By default, AbsoluteTimeout is False, and the timeout is an inactivity timeout.

The LocalHost configuration contains the name of the local host as obtained by the Gethostname() system call, or if the user has assigned an IP address, the value of that address.

In multihomed hosts (machines with more than one IP interface) setting LocalHost to the value of an interface will make the adapter initiate connections (or accept in the case of server adapters) only through that interface.

If the adapter is connected, the LocalHost configuration shows the IP address of the interface through which the connection is made in internet dotted format (aaa.bbb.ccc.ddd). In most cases, this is the address of the local host, except for multihomed hosts (machines with more than one IP interface).

When true, the socket will send all data that is ready to send at once. When false, the socket will send smaller buffered packets of data at small intervals. This is known as the Nagle algorithm.

By default, this config is set to false.

By default the adapter will use the system security libraries to perform cryptographic functions. When set to False calls to unmanaged code will be made. In certain environments this is not desirable. To use a completely managed security implementation set this setting to True. Setting this to True tells the adapter to use the internal implementation instead of using the system's security API.

Note: This setting is static. The value set is applicable to all adapters used in the application.

When this value is set the product's system DLL is no longer required as a reference, as all unmanaged code is stored in that file.