Set and view cipher specification: IBM HTTP Server
System Administration IBM HTTP Server documentation

Set and View Cipher Specification


For each virtual host, set the cipher specification (spec) to use during secure transactions. The specified cipher specs are validated against the level of the GSK toolkit installed on your system. If the cipher specs are not valid, an error is logged to the error log. If the ciphers specified are not supported by the client issuing the request, the request fails and the connection is closed to the client.

Specify Cipher Specs

  1. In the configuration file, on the SSLCipherSpec directive, specify a value for each virtual host stanza, as in the following examples:
    SSLCipherSpec shortname
    

    Or

    SSLCipherSpec longname
    

    Where shortname or longname are replaced by the name of an SSL Version 2, or SSL Version 3 Cipher Specification.

  2. Save the configuration file and restart the server.

Viewing the Configured Cipher Spec

To see which cipher specs the server will use for secure transactions, look at the informational messages that are logged in the error log.

  1. In the configuration file, on the LogLevel directive, specify that informational messages be included in the error log:
    LogLevel info
    
  2. Look in the error log for messages in this format:
    TimeStamp info_message mod_ibm_ssl: Using Version 2|3 Cipher: longname|shortname.
    

The order that the cipher specs appear in the error log from top to bottom is the order in which the cipher specifications are attempted.

 
Related information...

     (Back to Top)