Home
When an SSL connection is established, the client (Web browser) and the Web server negotiate the cipher to use for the connection. The Web server has an ordered list of ciphers, and the first cipher in the list that is supported by the client is selected.
SSL V3 and TLSV1
If we specify V3 or TLS ciphers, and you do not specify SSL V2 ciphers, then SSL V2 support is disabled. If we specify SSL V2 ciphers, and you do not specify SSL V3 or TLS ciphers, then SSL V3 and TLS support is disabled.In accordance with the NIST change for 19 May 2007, IBM HTTP Server does not support single-DES ciphers in FIPS mode for versions 6.0.2.1 or later and 6.0.1.11 or later.
Short name Long name Description 3A SSL_RSA_WITH_3DES_EDE_CBC_SHA Triple-DES SHA (168-bit) 33 SSL_RSA_EXPORT_WITH_RC4_40_MD5 RC4 SHA (40-bit) 34 SSL_RSA_WITH_RC4_128_MD5 RC4 MD5 (128-bit) 39 SSL_RSA_WITH_DES_CBC_SHA DES SHA (56-bit) 35 SSL_RSA_WITH_RC4_128_SHA RC4 SHA (128-bit) 35b TLS_RSA_WITH_AES_256_CBC_SHA AES SHA (256 bit) 2F TLS_RSA_WITH_AES_128_CBC_SHA AES SHA (128 bit) 36 SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 Cipher specification 36 requires Netscape Navigator V4.07; it does not work on earlier versions of Netscape browsers.
RC2 MD5 (40-bit) 32 SSL_RSA_WITH_NULL_SHA 31 SSL_RSA_WITH_NULL_MD5 30 SSL_NULL_WITH_NULL_NULL 62
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA DES SHA Export 1024 (56-bit) 64
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA RC4 SHA Export 1024 (56-bit)
FIPS Approved NIST SSLV3 and TLSV1 ciphers
The SSLFIPSEnable directive enables FIPSs (FIPS). When the SSLFIPSEnable directive is enabled, the set of ciphers available is restricted to the ciphers listed in the following table.
Short name Long name Description 3A SSL_RSA_WITH_3DES_EDE_CBC_SHA Triple-DES SHA (168-bit) FF SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA Triple-DES SHA (168 bit) 35b TLS_RSA_WITH_AES_256_CBC_SHA AES SHA (256 bit) 2F TLS_RSA_WITH_AES_128_CBC_SHA AES SHA (128 bit)
Related reference