Set cipher specifications
This topic describes setting cipher specifications for secure transactions.
Overview
For each virtual host, set the cipher specification to use during secure transactions. The specified cipher specifications are validated against the level of the Global Security Kit (GSK) toolkit that is installed on the system. Invalid cipher specifications cause an error to be written to the error log. If the client issuing the request does not support any of the specified ciphers, the request fails and the connection to the client closes.
IBM HTTP Server has a built-in list of cipher specifications to use for communicating with clients over Secure Sockets Layer (SSL). The actual cipher specification that is used for a particular client connection is selected from those which are supported by both IBM HTTP Server and the client.
Some cipher specifications provide a weaker level of security than others, and might need to be avoided for security reasons. Some of the stronger cipher specifications are more computationally intensive than weaker cipher specifications and might be avoided if required for performance reasons. We can use the SSLCipherSpec directive to provide a customized list of cipher specifications that are supported by the Web server in order to avoid the selection of cipher specifications that are considered too weak or too computationally intensive.
Procedure
- In each virtual host stanza in the configuration file, specify a value on the SSLCipherSpec directive, as in the following examples: SSLCipherSpec short_name or SSLCipherSpec long_name, where short_name and long_name represent the name of an SSL V2 cipher specification or an SSL V3 and TLS V1 cipher specification.
- Save the configuration file and restart the server.
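An added example, not part of the original IBM documentation: a Python check to run over the configuration file before the restart. It reports, per virtual host, SSL-enabled stanzas that have no SSLCipherSpec directive (so the built-in list applies) and any cipher specification on an operator-defined deny list. The sample configuration, the deny list contents and the function name audit are assumptions made for illustration.

```python
import re

# Constructed sample configuration (not from the original page).
SAMPLE_CONF = """\
<VirtualHost *:443>
    SSLEnable
    SSLCipherSpec TLS_RSA_WITH_AES_128_CBC_SHA
    SSLCipherSpec SSL_RSA_WITH_RC4_128_SHA
</VirtualHost>
# SSLCipherSpec in a comment must be ignored
<VirtualHost *:8443>
    SSLEnable
</VirtualHost>
<VirtualHost *:80>
    DocumentRoot /srv/www
</VirtualHost>
"""

# Assumption: names the operator's own policy treats as too weak (upper case).
DENY = {"SSL_RSA_WITH_RC4_128_SHA"}

def audit(conf_text, deny=DENY):
    """Return (vhost, finding) tuples for the virtual host stanzas in conf_text."""
    findings, vhost, ssl, specs = [], None, False, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if m:  # a new stanza starts: reset the per-stanza state
            vhost, ssl, specs = m.group(1).strip(), False, []
        elif re.match(r"</VirtualHost>", line, re.I) and vhost:
            if ssl and not specs:
                findings.append((vhost, "no SSLCipherSpec: built-in list applies"))
            for s in specs:
                if s.upper() in deny:
                    findings.append((vhost, "denied cipher: " + s))
            vhost = None
        elif vhost:
            words = line.split()
            if words[0].lower() == "sslenable":
                ssl = True
            elif words[0].lower() == "sslcipherspec" and len(words) > 1:
                specs.append(words[1])
    return findings

if __name__ == "__main__":
    for vhost, finding in audit(SAMPLE_CONF):
        print(vhost, "->", finding)
```

Only directives inside a VirtualHost stanza are examined, in the single-argument form shown in the procedure; directives set at the global level are not reported.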
Sub-topics
Internet Explorer V5.01x security workaround
View cipher specifications
SSL V2 cipher specifications
SSL V3 and TLS V1 cipher specifications
Related reference
SSL directives