SSL directive considerations

SSL directive considerations

When using SSL directives, we should consider the following: Limiting encryption to 128 bits or higher, rewriting HTTP (port 80) requests to HTTPS (port 443), logging SSL request information in the access log, and enabling certificate revocation lists (CRL).
We should consider the following when we want to enable SSL directives in the IBM HTTP Server httpd.conf configuration file:

Limiting IBM HTTP Server to encrypt at only 128 bits or higher. There are several methods of configuring IBM HTTP Server to restrict and limit SSL to allow only 128 bit browsers and 128,168 bit ciphers access to Web content. For complete information, refer to Limiting IBM HTTP Server to encrypt at only 128 bits or higher.

How to rewrite HTTP (port 80) requests to HTTPS (port 443). The mod_rewrite.c rewrite module provided with IBM HTTP Server can be used as an effective way to automatically rewrite all HTTP requests to HTTPS. For complete information refer to How to rewrite HTTP (port 80) requests to HTTPS (port 443).

Logging SSL request information in the access log for IBM HTTP Server. The IBM HTTP Server implementation provides SSL environment variables that are configurable with the LogFormat directive in the httpd.conf configuration file. For complete information refer to Logging SSL request information in the access log for IBM HTTP Server.

Enabling certificate revocation lists (CRL) in IBM HTTP Server. Certificate revocation provides the ability to revoke a client certificate given to the IBM HTTP Server by the browser when the key is compromised or when access permission to the key is revoked. CRL represents a database that contains a list of certificates revoked before their scheduled expiration date. For complete information refer to SSL certificate revocation list.

Related tasks

Setting cipher specifications