Secure Sockets Layer settings for custom properties

 

Secure Sockets Layer settings for custom properties

Use this page to configure additional Secure Sockets Layer (SSL) settings for a defined alias.

To view this administrative console page, click Security > SSL > alias_name> Custom properties.

Configuration tab

Custom Properties

The name-value pairs that you can use to configure additional SSL settings beyond those available in the com.ibm.ssl.protocol administrative interface.

This value is the SSL protocol that is used, including its version. The possible values are SSL, SSLv2, SSLv3, TLS or TLSv1. The default value, SSL, is backward-compatible with the other SSL protocols.

com.ibm.ssl.keyStoreProvider

The name of the keystore provider to use. Specify one of the security providers listed in your java.security file, which has a keystore implementation. The default value is IBMJCE.

com.ibm.ssl.keyManager

The name of the key management algorithm to use. Specify any key management algorithm that is implemented by one of the security providers that is listed in your java.security file. The default value is IbmX509.

com.ibm.ssl.trustStoreProvider

The name of the truststore provider to use. Specify one of the security providers that is listed in your java.security file, which has a truststore implementation. The default value is IBMJCE.

com.ibm.ssl.trustManager

The name of the trust management algorithm to use. Specify any trust management algorithm that is implemented by one of the security providers listed in your java.security file. The default value is IbmX509.

com.ibm.ssl.trustStoreType

The type or format of the truststore file. The possible values are JKS, PKCS12, JCEK, JCERACFKS (z/OS only) and LCE4748RACFKS (z/OS only). The default value is JKS.

com.ibm.ssl.enabledCipherSuites

The list of cipher suites to enable. By default, this list is not set and the set of cipher suites that is used is determined by the value of the
security level (high, medium, or low). A cipher suite is a combination of cryptographic algorithms that are used for an Secure Sockets Layer (SSL) connection. Enter a space-separated list of any of the following cipher suites:

  • SSL_RSA_WITH_RC4_128_MD5

  • SSL_RSA_WITH_RC4_128_SHA

  • SSL_RSA_WITH_DES_CBC_SHA

  • SSL_RSA_WITH_3DES_EDE_CBC_SHA

  • SSL_DHE_RSA_WITH_DES_CBC_SHA

  • SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA

  • SSL_DHE_DSS_WITH_DES_CBC_SHA

  • SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA

  • SSL_RSA_EXPORT_WITH_RC4_40_MD5

  • SSL_RSA_EXPORT_WITH_DES40_CBC_SHA

  • SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5

  • SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA

  • SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA

  • SSL_RSA_WITH_NULL_MD5

  • SSL_RSA_WITH_NULL_SHA

  • SSL_DH_anon_WITH_RC4_128_MD5

  • SSL_DH_anon_WITH_DES_CBC_SHA

  • SSL_DH_anon_WITH_3DES_EDE_CBC_SHA

  • SSL_DH_anon_EXPORT_WITH_RC4_40_MD5

  • SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA

Data type: String

Cryptographic token

Specifies information about the cryptographic tokens that are related to SSL support.

A cryptographic token is a hardware or software device that has a built-in keystore implementation. Document the exact values for the following fields that are found in the literature of your supported cryptographic device.




 

Related tasks


Defining Secure Sockets Layer connections