To configure TLS default properties for clients

You can configure default values for various TLS properties in the mf-client.dat file. When a TLS-enabled MFCC client is started, the file is checked for default values. If the client does not specify a value for a property, the value from the file is used instead.

Note: Not all properties in the mf-client.dat file overwrite the value set for a client. Some properties can only be set in the mf-client.dat file, and not by the client.

By default, the mf-client.dat file is located in the $COBDIR/bin folder. The MFC_CONFIG environment variable can be used to specify a different configuration file.

See Specifying a Server Protocol and Cipher Suite Preference chapter for more information.

[TLS]

; Set the depth to which the certificate chain of the peer should be verified
; If a connection does not specify a verify depth (or attempts to set a depth of 0) 
; this value will overwrite it
;verify depth=5

; Flag for whether the client should verify the server's certificate
; If a connection does not specify this flag/sets it to 0, this value will be used
;verify peer=0

; The TLS protocols field specifies the list of protocols to be used and 
; the order of preference in which they are to be used
;protocols=

; The Cipher Suites field specifies the list of ciphers to be used in 
; order of preference of use.
;cipher suites=

; The TLS 1.3 specific cipher suites list
;TLS1.3 cipher suites=

; The minimum size in bits of the modulus length of the Diffie-Hellman (DH) group 
; that is used to negotiate with connecting peers when using DH cipher suites. 
;min dh size=

; The Cipher Groups (previously 'ECC curves') enable you to specify the list of 
; ciphers to be used and the order of preference 
;cipher groups=

; Set whether the middlebox workaround is disabled. Any setting here overwrites any value
; set on a client. 
; Values: "disable" or "enable" 
;middlebox workaround=