ssl-nist-compliance
Use the ssl-nist-compliance stanza entry in the [dsess-cluster] stanza to enable or disable NIST SP800-131A compliance for the distributed session cache.
ssl-nist-compliance = {yes|no}
Description
Enable or disable NIST SP800-131A compliance for the distributed session cache.
Enabling NIST SP800-131A compliance results in the following automatic configuration:
- Enables FIPS mode processing. When NIST SP800-131A compliance is enabled, FIPS mode processing is enabled regardless of the setting for the [dsess-cluster] ssl-fips-enabled configuration entry.
- Enables TLS v1.2. TLS v1 and TLS v1.1 are not disabled.
- Enables the appropriate signature algorithms.
- Sets the minimum RSA key size to 2048 bytes.
If this ssl-nist-compliance configuration entry is not present, WebSEAL uses the global nist-compliance setting in the [ssl] stanza.
Options
- yes: A value of yes enables NIST SP800-131A compliance.
- no: A value of no disables NIST SP800-131A compliance.
Usage: Optional
Default: no
Example:
ssl-nist-compliance = no
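The fallback to the [ssl] stanza and the FIPS override described above can be checked during a configuration audit. The following is an added example, not IBM code: the parser, the function names and the sample text are constructed, and it assumes a stanza file with `key = value` lines and `#` comments, and treats a missing global entry as no.

```python
import re

# Constructed sample configuration, not taken from a real deployment.
SAMPLE = """
[ssl]
nist-compliance = no

[dsess-cluster]
# stanza-level entry wins over the [ssl] setting
ssl-nist-compliance = yes
ssl-fips-enabled = no
"""

def parse_stanzas(text):
    """Parse stanza-style text into {stanza: {key: value}}."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = stanzas.setdefault(header.group(1).strip(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return stanzas

def effective_dsess_nist(text):
    """Resolve the NIST SP800-131A setting that applies to the session cache."""
    cfg = parse_stanzas(text)
    dsess, ssl = cfg.get("dsess-cluster", {}), cfg.get("ssl", {})
    if "ssl-nist-compliance" in dsess:
        value, source = dsess["ssl-nist-compliance"], "[dsess-cluster] ssl-nist-compliance"
    elif "nist-compliance" in ssl:
        value, source = ssl["nist-compliance"], "[ssl] nist-compliance"
    else:
        value, source = "no", "default"  # assumption: absent everywhere means no
    nist = value == "yes"
    return {
        "nist": nist,
        "source": source,
        # FIPS mode is enabled whenever NIST compliance is, whatever ssl-fips-enabled says
        "fips_forced": nist,
        "overrides_fips_no": nist and dsess.get("ssl-fips-enabled") == "no",
        # TLS v1 and TLS v1.1 are not disabled by this setting
        "legacy_tls_still_enabled": nist,
    }

if __name__ == "__main__":
    print(effective_dsess_nist(SAMPLE))
```

A result with `overrides_fips_no` set to true marks a file whose `ssl-fips-enabled = no` line no longer reflects the running behaviour.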