FIELD | DESCRIPTION | TYPE | DEFAULT VALUE(S) | ALLOWED VALUE(S) |
---|---|---|---|---|
enabled | whether this part of the policy will be enforced | Boolean | true | true, false |
compensatingControl | whether there’s another mechanism to handle this (elsewhere) in the stack | Boolean | false | true, false |
data | certificate information | | | |
key | path to key file | String | "/path/to/key" | String or null* |
cert | path to certificate file | String | "/path/to/cert" | String or null* |
keyExchange | path to key exchange file | String | "/path/to/strong/exchange/key" | String or null* |
ciphers | list of encryption ciphers to use | String Array | [] (nodejs default ciphers) | The full suite of ciphers supported in openssl (run `openssl ciphers` at command prompt) |
redirectSecure | creates an HTTP server for redirection | Boolean | true | true, false |
rejectWeakCiphers | forces the HTTPS server to formally reject insecure ciphers (key length less than 128 bits, 3DES) | Boolean | true | true, false |
rejectInsecureTLS | forces the HTTPS server to use TLS 1.1 or later | Boolean | true | true, false |
forceHttps | creates an HTTPS server and forces all traffic to it | Boolean | true | true, false |
* This information should be treated as highly sensitive (aka ‘SECRET’), and putting the full path to these files here is not recommended. Instead, leave these values as null and supply the paths through environment variables. See ‘Secrets Management’ for more details.
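
As an added example (not the project's own code), the sketch below turns a policy using the fields above into options for Node's `https.createServer()`, reading the null paths from the environment as the footnote recommends. The environment variable names, the nesting of `key`, `cert` and `keyExchange` under `data` with `ciphers` at the top level, the treatment of the key exchange file as Diffie-Hellman parameters, and the handling of `compensatingControl` are assumptions.

```javascript
const fs = require('fs');
const tls = require('tls');

// The page's definition of weak: 3DES, or a key shorter than 128 bits
// (single DES, export-grade and NULL-encryption suites).
const WEAK = /(^|-)(EXP|NULL|DES)(-|$)/i;
const WEAK_EXCLUSIONS = '!LOW:!EXPORT:!DES:!3DES:!NULL'; // OpenSSL cipher-string keywords

// Use the policy value, or the environment variable when the policy holds null.
function resolvePath(value, env, envName) {
  const p = value == null ? env[envName] : value;
  if (!p) throw new Error(`no path in policy and ${envName} is unset`);
  return p;
}

// Returns { options, rejected }, or null when the policy is disabled or
// (assumption) a compensating control terminates TLS elsewhere in the stack.
function buildTlsOptions(policy, env = process.env, readFile = fs.readFileSync) {
  if (policy.enabled === false || policy.compensatingControl === true) return null;
  const data = policy.data || {};
  const options = {
    key: readFile(resolvePath(data.key, env, 'TLS_KEY_PATH')),    // hypothetical names
    cert: readFile(resolvePath(data.cert, env, 'TLS_CERT_PATH')),
    honorCipherOrder: true,
  };
  // Assumption: the key exchange file holds Diffie-Hellman parameters.
  if (data.keyExchange || env.TLS_DH_PATH) {
    options.dhparam = readFile(resolvePath(data.keyExchange, env, 'TLS_DH_PATH'));
  }
  const requested = policy.ciphers || [];
  const reject = policy.rejectWeakCiphers !== false;             // default true
  const rejected = reject ? requested.filter((c) => WEAK.test(c)) : [];
  const kept = requested.filter((c) => !rejected.includes(c));
  if (requested.length && !kept.length) throw new Error('every configured cipher is weak');
  const base = kept.length ? kept.join(':') : tls.DEFAULT_CIPHERS; // [] means Node defaults
  options.ciphers = reject ? `${base}:${WEAK_EXCLUSIONS}` : base;
  // TLS 1.1 is the floor the table states; RFC 8996 deprecates 1.0 and 1.1,
  // so 'TLSv1.2' is the stricter setting.
  if (policy.rejectInsecureTLS !== false) options.minVersion = 'TLSv1.1';
  return { options, rejected };
}

// Constructed sample policy: paths left null, as the footnote recommends.
const samplePolicy = {
  enabled: true,
  data: { key: null, cert: null, keyExchange: null },
  ciphers: ['ECDHE-RSA-AES128-GCM-SHA256', 'DES-CBC3-SHA', 'EXP-RC4-MD5'],
};
const sampleEnv = { TLS_KEY_PATH: '/run/secrets/tls.key', TLS_CERT_PATH: '/run/secrets/tls.crt' };
```

Pass the returned `options` to `https.createServer()`, and log `rejected` so a weak entry in the configured cipher list is visible at startup rather than silently dropped.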