SSL Directives: IBM HTTP Server
System Administration IBM HTTP Server documentation

SSL Directives


 .
  • Keyfile
  • SSLClientAuthRequire
  • LogLevel
  • SSLCRLHostname
  • SSLAcceleratorDisable
  • SSLCRLPort
  • SSLCacheDisable
  • SSLCRLUserID
  • SSLCacheEnable
  • SSLDisable
  • SSLCacheErrorLog
  • SSLEnable
  • SSLCachePath
  • SSLFakeBasicAuth
  • SSLCachePortFilename
  • SSLPKCSDriver
  • SSLCacheTraceLog
  • SSLServerCert
  • SSLCipherBan
  • SSLStashfile
  • SSLCipherRequire
  • SSLV2Timeout
  • SSLCipherSpec
  • SSLV3Timeout
  • SSLClientAuth
  • SSLVersion
  • SSLClientAuthGroup
  • Related Information
  • Keyfile

    LogLevel

    SSLAcceleratorDisable

    Place this directive anywhere inside of the configuration file (including inside a virtual host). During initialization, if it is determined that an accelerator device is installed on the machine, that accelerator is used to perform secure transactions. Use SSLAcceleratorDisable, if you want to disable the accelerator device.

    applies to UNIX systems

    SSLCacheDisable (Not valid on Windows NT)

    Applies to UNIX systems

    SSLCacheEnable (Not valid on Windows NT)

    applies to UNIX systems

    SSLCacheErrorLog (Not valid on Windows NT)

    applies to UNIX systems

    SSLCachePath (Not valid on Windows NT)

    applies to UNIX systems

    SSLCachePortFilename (Not valid on Windows NT)

    applies to UNIX systems

    SSLCacheTraceLog (Not valid on Windows NT)

    SSLCipherBan

    SSLCipherRequire

     

    SSLCipherSpec

     
    Version 2 Cipher Specifications
    Shortname Longname Description
    27 SSL_DES_192_EDE3_CBC_WITH_MD5 Triple-DES (168 bit)
    21 SSL_RC4_128_WITH_MD5 RC4 (128 bit)
    23 SSL_RC2_CBC_128_CBC_WITH_MD5 RC2 (128 bit)
    26 SSL_DES_64_CBC_WITH_MD5 DES (56 bit)
    22 SSL_RC4_128_EXPORT40_WITH_MD5 RC4 (40 bit)
    24 SSL_RC2_CBC_128_CBC_EXPORT40_WITH_MD5 RC2 (40 bit)
     
    SSL Version 3 and TLS Version 1 Cipher Specifications
    Shortname Longname Description
    3A SSL_RSA_WITH_3DES_EDE_CBC_SHA Triple-DES SHA (168 bit)
    33 SSL_RSA_EXPORT_WITH_RC4_40_MD5 RC4 SHA (40 bit)
    34 SSL_RSA_WITH_RC4_128_MD5 RC4 MD5 (128 bit)
    39 SSL_RSA_WITH_DES_CBC_SHA DES SHA (56 bit)
    35 SSL_RSA_WITH_RC4_128_SHA RC4 SHA (128 bit)
    36 (See Note 1.) SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 RC2 MD5 (40 bit)
    32 SSL_RSA_WITH_NULL_SHA
    31 SSL_RSA_WITH_NULL_MD5
    30 SSL_NULL_WITH_NULL_NULL
    62 TLS_RSA_EXPORT1024_WITH_RC4_56_SHA RC4 SHA Export 1024 (56 bit)
    64 TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA DES SHA Export 1024 (56 bit)
     

    Note 1: Cipher spec 36 requires Netscape Navigator 4.07; it does not work on earlier versions of Netscape browsers.

     

    SSLClientAuth

    SSLClientAuthGroup

    Description of valid logical expressions

    For example:

    SSLClientAuthGroup (CommonName = "Fred Smith" OR CommonName = "John Deere") AND Org = IBM
    
    means that the object will not be served unless the client certificate contains a common name of either Fred Smith or John Deere and the organization is IBM. For the attribute checks, the only valid comparisons are equal and not equal (= and !=). Each attribute check can be linked with AND, OR, or NOT (also &&, ||, and !). Parentheses can be used to group comparisons. If the value of the attribute contains a non-alphanumeric character, the value must be delimited with quotes.

    Valid attributes are:

    Also valid are the short names:

         CN, C, E, G, ICN, IC, IE, IL, IO, IOU, IST, L, O, OU, ST 
    

    Note that multiple SSLClientAuthRequire directives are allowed per object; the net effect is that these directives are joined by "AND".

     

    SSLClientAuthRequire

    Description of valid logical expressions

    For example:

    SSLClientAuthRequire (CommonName = "Fred Smith" OR CommonName = "John Deere") AND Org = IBM
    
    means that the object will not be served unless the client certificate contains a common name of either Fred Smith or John Deere and the organization is IBM. For the attribute checks, the only valid comparisons are equal and not equal (= and !=). Each attribute check can be linked with AND, OR, or NOT (also &&, ||, and !). Parentheses can be used to group comparisons. If the value of the attribute contains a non-alphanumeric character, the value must be delimited with quotes.

    Valid attributes are:

    Also valid are the short names:

         CN, C, E, ICN, IC, IE, IL, IO, IOU, IST, L, O, OU, ST 
    

    Note that multiple SSLClientAuthRequire directives are allowed per object; the net effect is that these directives are joined by "AND".

     

    SSLCRLHostname

    SSLCRLPort

    SSLCRLUserID

    SSLDisable

    SSLEnable

     

    SSLFakeBasicAuth

     

    SSLPKCSDriver

    Refers to AIX Refers to HPUX Refers to Solaris Refers to Windows NT

    The following are the default locations of the modules for each PKCS11 device:

    Ncipher

    IBM4758 Refers to AIX Refers to Windows NT

     

    SSLServerCert

     

    SSLStashfile

     

    SSLVersion

    SSLV2Timeout

     

    SSLV3Timeout

     
    Related information...

         (Back to Top)