The is used to interact with clients using HTTP. It provides full support for Rest2LDAP. A Key Manager Provider must be specified when this is enabled and it is configured to use SSL. A Trust Manager Provider must be specified when this is enabled and it is configured to use SSL. ds-cfg-http-connection-handler ds-cfg-connection-handler org.opends.server.protocols.http.HTTPConnectionHandler Specifies the name of the key manager that should be used with this . Changes to this property take effect immediately, but only for subsequent attempts to access the key manager provider for associated client connections. The referenced key manager provider must be enabled when the is enabled and configured to use SSL. ds-cfg-key-manager-provider Specifies the name of the trust manager that should be used with the . Changes to this property take effect immediately, but only for subsequent attempts to access the trust manager provider for associated client connections. The referenced trust manager provider must be enabled when the is enabled and configured to use SSL. ds-cfg-trust-manager-provider Specifies the address or set of addresses on which this should listen for connections from HTTP clients. Multiple addresses may be provided as separate values for this attribute. If no values are provided, then the listens on all interfaces. 0.0.0.0 ds-cfg-listen-address Specifies the size in bytes of the largest HTTP request message that will be allowed by this HTTP Connection handler. This can help prevent denial-of-service attacks by clients that indicate they send extremely large requests to the server causing it to attempt to allocate large amounts of memory. 5 megabytes ds-cfg-max-request-size Specifies the size in bytes of the HTTP response message write buffer. This property specifies write buffer size allocated by the server for each client connection and used to buffer HTTP response messages data when writing. 4096 bytes ds-cfg-buffer-size Specifies the policy that the should use regarding client SSL certificates. This is only applicable if clients are allowed to use SSL. optional Clients are not required to provide their own certificates when performing SSL negotiation. Clients are requested to provide their own certificates when performing SSL negotiation, but still accept the connection even if the client does not provide a certificate. Clients are required to provide their own certificates when performing SSL negotiation and are refused access if the do not provide a certificate. ds-cfg-ssl-client-auth-policy Specifies the maximum number of pending connection attempts that are allowed to queue up in the accept backlog before the server starts rejecting new connection attempts. This is primarily an issue for cases in which a large number of connections are established to the server in a very short period of time (for example, a benchmark utility that creates a large number of client threads that each have their own connection to the server) and the connection handler is unable to keep up with the rate at which the new connections are established. 128 connections ds-cfg-accept-backlog Specifies the names of the SSL protocols that are allowed for use in SSL communication. Changes to this property take effect immediately but only impact new SSL/TLS-based sessions created after the change. Uses the default set of SSL protocols provided by the server's JVM. ds-cfg-ssl-protocol Specifies the names of the SSL cipher suites that are allowed for use in SSL communication. Changes to this property take effect immediately but will only impact new SSL/TLS-based sessions created after the change. Uses the default set of SSL cipher suites provided by the server's JVM. ds-cfg-ssl-cipher-suite Specifies the maximum length of time that attempts to write data to HTTP clients should be allowed to block. If an attempt to write data to a client takes longer than this length of time, then the client connection is terminated. 2 minutes ds-cfg-max-blocked-write-time-limit Specifies the name of the configuration file for the HTTP Connection Handler. config/http-config.json .* FILE A path to an existing file that is readable by the server. ds-cfg-config-file