SSL, ssl, kPMSSL — A description of a SSL configuration.


SSL structure { keychain, peer name, allow, level };
keychain : string, length 2..4096
peer name : string, length 1..512, optional
allow : array of SSL allowances elements, optional, unique
level : string, choice, default, optional


A description of a SSL configuration.


keychain. Absolute path to Keychain containing a certificate and a signing key.

SSL is an absolute path to a Keychain containing a suitable certificate and signing key for the socket. It is best practice to create a separate Keychain.

To use the System keychain: /Library/Keychain/System.keychain

keychain is a string. keychain must be between 2 and 4096 characters long, inclusive.

peer name. Override the name used for certificate verification.

Provide an empty string to disable name verification.

peer name is a string. peer name is optional. peer name must be between 1 and 512 characters long, inclusive.

allow. Lessen the requirements of the SSL certificate.

allow is an array of SSL allowances elements. allow is optional. Each item in allow must be unique.

level. Level of SSL security to use.

level is a string. If level is omitted, the default TLSv1 is used. level is optional. level must be one of the following four constants:

  • SSLv2, kPMSSLLevel_SSLv2.
  • SSLv3, kPMSSLLevel_SSLv3.
  • TLSv1, kPMSSLLevel_TLSv1.
  • negotiated, kPMSSLLevel_Negotiated.