SSL environment variables: IBM HTTP Server
System Administration IBM HTTP Server documentation

SSL environment variables


SSL-specific environment variables are exposed to CGI applications and SSI-processed pages. The variables can be effectively broken into three types:

  • Variables for information regarding the SSL handshake
  • Variables for exposing the server certificate information
  • Variables for exposing client certificate information if client authentication is enabled.
 

If a valid SSL request is made, the SSL handshake environment variables and the server certificate environment variables are set. If client authentication is set to either optional or require, the client certificate environment variables are set.

SSL Handshake Environment Variables

  • HTTPS
    • Description: Used to show if connection is an SSL connection
    • Values: String contains either "ON" or "OFF" - "ON" if the connection is an SSL connection, "OFF" otherwise.
  • HTTPS_KEYSIZE
    • Description: Size of the key
    • Values: See the table below
  • HTTPS_SECRETKEYSIZE
    • Description: Actual strength of the key
    • Values: See the table below
  • SSL_PROTOCOL_VERSION
    • Description: Contains the protocol version
    • Values: String containing either "SSLV2" or "SSLV3"

Values for HTTPS_KEYSIZE and HTTPS_SECRETKEYSIZE

For SSL V3 and TLS V1:

Cipher Suite                     Key size     Secret key size  
--------------------------------------------------------------- 
SSL_RSA_WITH_NULL_MD5                  0          0
SSL_RSA_WITH_NULL_SHA                  0          0
SSL_RSA_EXPORT_WITH_RC4_40_MD5       128         40
SSL_RSA_WITH_RC4_128_MD5             128        128
SSL_RSA_WITH_RC4_128_SHA             128        128
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5   128         40
SSL_RSA_WITH_DES_CBC_SHA              64         56
SSL_RSA_WITH_3DES_EDE_CBC_SHA        192        168
SSL_NULL_WITH_NULL_NULL                0          0
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA    56         20
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA   56         20    


For SSL V2:

Cipher Suite                     Key size     Secret key size  
--------------------------------------------------------------- 
RC4_128_WITH_MD5                     128        128
RC4_128_EXPORT40_WITH_MD5            128         40
RC2_128_CBC_WITH_MD5                 128        128
RC2_128_CBC_EXPORT40_WITH_MD5        128         40
DES_64_CBC_WITH_MD5                   64         56
DES_192_EDE3_CBC_WITH_MD5            192        168


Server Certificate Environment Variables

  • SSL_SERVER_C
    • Description: Contains the country attribute of the server certificate
    • Values: String or empty
  • SSL_SERVER_CN
    • Description: Contains the common name attribute of the server certificate
    • Values: String or empty
  • SSL_SERVER_DN
    • Description: Contains the distinguished name of the server certificate used in the IP-based virtual host which received the request
    • Values: String or empty
  • SSL_SERVER_EMAIL
    • Description: Contains the email attribute of the server certificate
    • Values: String or empty
  • SSL_SERVER_L
    • Description: Contains the locality attribute of the server certificate
    • Values: String or empty
  • SSL_SERVER_O
    • Description: Contains the organization attribute of the server certificate
    • Values: String or empty
  • SSL_SERVER_OU
    • Description: Contains the organizational unit attribute of the server certificate
    • Values: String or empty
  • SSL_SERVER_ST
    • Description: Contains the state or province attribute of the server certificate
    • Values: String or empty

Client Certificate Environment Variables

  • SSL_CLIENT_C
    • Description: Contains the client certificate country
    • Values: String or empty
  • SSL_CLIENT_CERTBODY
    • Description: Contains the client certificate
    • Values: String containing the complete client certificate as a string
  • SSL_CLIENT_CERTBODYLEN
    • Description: Contains the length of the client certificate
    • Values: Integer
  • SSL_CLIENT_CN
    • Description: Contains the client certificate common name
    • Values: String or empty
  • SSL_CLIENT_DN
    • Description: Contains the distinguished name from the client certificate
    • Values: String or empty
  • SSL_CLIENT_EMAIL
    • Description: Contains the client certificate e-mail
    • Values: String or empty
  • SSL_CLIENT_IC
    • Description: Contains the client certificate issuer's country
    • Values: String or empty
  • SSL_CLIENT_ICN
    • Description: Contains the client certificate issuer's common name
    • Values: String or empty
  • SSL_CLIENT_IDN
    • Description: Contains the client certificate issuer's distinguished name
    • Values: String or empty
  • SSL_CLIENT_IEMAIL
    • Description: Contains the client certificate issuer's email
    • Values: String or empty
  • SSL_CLIENT_IL
    • Description: Contains the client certificate issuer's locality
    • Values: String or empty
  • SSL_CLIENT_IO
    • Description: Contains the client certificate issuer's organization
    • Values: String or empty
  • SSL_CLIENT_IOU
    • Description: Contains the client certificate issuer's organizational unit
    • Values: String or empty
  • SSL_CLIENT_IPC
    • Description: Contains the postal code of the client certificate issuer
    • Values: String and empty
  • SSL_CLIENT_IST
    • Description: Contains the client certificate issuer's state or province
    • Values: String or empty
  • SSL_CLIENT_L
    • Description: Contains the client certificate locality
    • Values: String or empty
  • SSL_CLIENT_NEWSESSIONID
    • Description: Used to show if this session ID is new
    • Values: String containing "TRUE" or "FALSE"
  • SSL_CLIENT_O
    • Description: Contains the client certificate organization
    • Values: String or empty
  • SSL_CLIENT_OU
    • Description: Contains the client certificate organizational unit
    • Values: String or empty
  • SSL_CLIENT_PC
    • Description: Contains the client certificate postal code
    • Values: String and empty
  • SSL_CLIENT_SERIALNUM
    • Description: Contains the client certificate serial number
    • Values: String or empty
  • SSL_CLIENT_SESSIONID
    • Description: Contains the session ID
    • Values: String or empty
  • SSL_CLIENT_ST
    • Description: Contains the client certificate state or province
    • Values: String or empty

Related information...

     (Back to the Top)