Quality of protection (QoP) settings

Quality of protection (QoP) settings

To specify security level, ciphers, and mutual authentication settings for the SSL configuration...
Security | SSL certificate and key management | Configuration settings | Manage endpoint security configurations | {Inbound | Outbound} | ssl_configuration | Related Items | SSL configurations | {SSL_configuration_name} | Additional Properties | Quality of protection (QoP) settings

Client authentication Whether SSL client authentication should be requested if the SSL connection is used for the server side of the connection. If None is selected, the server does not request that a client certificate be sent during the handshake. If Supported is selected, the server requests that a client certificate be sent. If the client does not have a certificate, the handshake might still succeed. If Required is selected, the server requests that a client certificate be sent. If the client does not have a certificate, the handshake fails.
Protocol SSL handshake protocol. Typically SSL_TLS, which supports all handshake protocols except for SSLv2 on the server side. When FIPS option is enabled, Transport Layer Security (TLS) is automatically used regardless of this setting.
Predefined JSSE provider Specifies one of the predefined JSSE providers. The IBMJSSE2 provider is recommended for use on all platforms which support it. It is required for use by the channel framework SSL channel. When FIPS is enabled, IBMJSSE2 is used in combination with the IBMJCEFIPS crypto provider.
Select provider Specifies a package that implements a subset of the cryptography aspects for the Java security (API). This value is a JSSE provider name that is listed in the java.security file. Note that cipher suites and protocol values depend upon the provider.
Custom JSSE provider Specifies that a custom JSSE provider should be used.
Custom provider Specifies a package that implements a subset of the cryptography aspects for the Java security (API). This value is a Java Secure Sockets Extension (JSSE) provider name that is listed in the java.security file. Note that cipher suites and protocol values depend upon the provider.
Cipher suite groups Various cipher suite groups that can be chosen depending upon the security needs. The stronger the cipher suite strength, the better the security; however, this can result in performance consequences.
Update selected ciphers When selected, the cipher suites contained within the selected Cipher suite group are added to the list of Selected ciphers. Any change to this list changes the Cipher suite group to custom.
Selected ciphers Ciphers that are effective when the configuration is saved. These ciphers are used to negotiate with the remote side of the connection during the handshake. A common cipher needs to be selected or the handshake fails.
Add Add the selected cipher to the Selected ciphers list.
Remove Remove the selected cipher from the Selected ciphers list.

Related

SSL configurations collection

Client authentication	Whether SSL client authentication should be requested if the SSL connection is used for the server side of the connection. If None is selected, the server does not request that a client certificate be sent during the handshake. If Supported is selected, the server requests that a client certificate be sent. If the client does not have a certificate, the handshake might still succeed. If Required is selected, the server requests that a client certificate be sent. If the client does not have a certificate, the handshake fails.
Protocol	SSL handshake protocol. Typically SSL_TLS, which supports all handshake protocols except for SSLv2 on the server side. When FIPS option is enabled, Transport Layer Security (TLS) is automatically used regardless of this setting.
Predefined JSSE provider	Specifies one of the predefined JSSE providers. The IBMJSSE2 provider is recommended for use on all platforms which support it. It is required for use by the channel framework SSL channel. When FIPS is enabled, IBMJSSE2 is used in combination with the IBMJCEFIPS crypto provider.
Select provider	Specifies a package that implements a subset of the cryptography aspects for the Java security (API). This value is a JSSE provider name that is listed in the java.security file. Note that cipher suites and protocol values depend upon the provider.
Custom JSSE provider	Specifies that a custom JSSE provider should be used.
Custom provider	Specifies a package that implements a subset of the cryptography aspects for the Java security (API). This value is a Java Secure Sockets Extension (JSSE) provider name that is listed in the java.security file. Note that cipher suites and protocol values depend upon the provider.
Cipher suite groups	Various cipher suite groups that can be chosen depending upon the security needs. The stronger the cipher suite strength, the better the security; however, this can result in performance consequences.
Update selected ciphers	When selected, the cipher suites contained within the selected Cipher suite group are added to the list of Selected ciphers. Any change to this list changes the Cipher suite group to custom.
Selected ciphers	Ciphers that are effective when the configuration is saved. These ciphers are used to negotiate with the remote side of the connection during the handshake. A common cipher needs to be selected or the handshake fails.
Add	Add the selected cipher to the Selected ciphers list.
Remove	Remove the selected cipher from the Selected ciphers list.