# Java home
JAVA_HOME=${JAVA_HOME}
export JAVA_HOME

# JNI jar file location
JNI_JAR_DIR=/usr/lib/java
export JNI_JAR_DIR

# PKI library
PKI_LIB=/usr/share/pki/lib
export PKI_LIB

# logging configuration location
LOGGING_CONFIG=/usr/share/pki/etc/logging.properties
export LOGGING_CONFIG

# PKI CLI options
PKI_CLI_OPTIONS=
export PKI_CLI_OPTIONS

# SSL version ranges
# Valid values: SSL_3_0, TLS_1_0, TLS_1_1, TLS_1_2
SSL_STREAM_VERSION_MIN="TLS_1_0"
export SSL_STREAM_VERSION_MIN

SSL_STREAM_VERSION_MAX="TLS_1_2"
export SSL_STREAM_VERSION_MAX

SSL_DATAGRAM_VERSION_MIN="TLS_1_1"
export SSL_DATAGRAM_VERSION_MIN

SSL_DATAGRAM_VERSION_MAX="TLS_1_2"
export SSL_DATAGRAM_VERSION_MAX

# SSL default ciphers
# This boolean parameter determines whether to enable default SSL ciphers.
SSL_DEFAULT_CIPHERS="true"
export SSL_DEFAULT_CIPHERS

# SSL ciphers
# This parameter lists SSL ciphers to enable/disable in addition to the default ciphers.
# The list contains IANA-registered cipher names or hex IDs separated by white spaces.
# https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4
# To disable a cipher, specify a "-" sign in front of the cipher name or ID.
SSL_CIPHERS=""
export SSL_CIPHERS

# Key wrapping parameter set
# This parameter specifies the encryption and key wrapping algorithms to use
# when storing secrets in the KRA, or creating CRMF data using CRMFPopClient.
#
# Parameter sets are:
# O: (legacy, for interacting with pre-10.4 servers)
#    Encryption Algorithm: DES3_CBC
#    Padding: PKCS#1.5 Padding
#    Key Wrapping: DES3_CBC_PAD
# 1: AES (default for 10.4+ servers)
#    Encryption Algorithm: AES_128_CBC
#    Padding: PKCS#1.5 Padding
#    Key Wrapping: AES KeyWrap with Padding
KEY_WRAP_PARAMETER_SET=1
export KEY_WRAP_PARAMETER_SET

# Auto-enable subsystems
# This boolean parameter determines whether to automatically enable all
# subsystems on startup.
PKI_SERVER_AUTO_ENABLE_SUBSYSTEMS="true"
export PKI_SERVER_AUTO_ENABLE_SUBSYSTEMS