[ssl] stanza
- base-crypto-library
Use the base-crypto-library stanza entry to specify the cipher engine that GSKit uses.
- crl-ldap-server
Use the crl-ldap-server stanza entry in the [ssl] stanza to specify the LDAP server that WebSEAL can contact for CRL checking during client-side certificate authentication.
- crl-ldap-server-port
Use the crl-ldap-server-port entry in the [ssl] stanza to set the port number for WebSEAL to use when it communicates with the LDAP server specified in crl-ldap-server.
- crl-ldap-user
Use the crl-ldap-user entry in the [ssl] stanza to specify an LDAP user who has permissions to retrieve the CRL on the LDAP server specified in crl-ldap-server.
- crl-ldap-user-password
Use the crl-ldap-user-password entry in the [ssl] stanza to provide the password for the LDAP user specified in crl-ldap-user.
- disable-ssl-v2
Use the disable-ssl-v2 entry in the [ssl] stanza to control whether support for SSL version 2 is enabled in WebSEAL.
- disable-ssl-v3
Use the disable-ssl-v3 entry in the [ssl] stanza to control whether support for SSL version 3 is enabled in WebSEAL.
- disable-tls-v1
Use the disable-tls-v1 entry in the [ssl] stanza to control whether support for TLS version 1 is enabled in WebSEAL.
- disable-tls-v11
Use the disable-tls-v11 entry in the [ssl] stanza to control whether support for TLS version 1.1 is enabled in WebSEAL.
- disable-tls-v12
Use the disable-tls-v12 entry in the [ssl] stanza to control whether support for TLS version 1.2 is enabled in WebSEAL.
- disable-tls-v13
Use the disable-tls-v13 entry in the [ssl] stanza to control whether support for TLS version 1.3 is enabled in WebSEAL.
- enable-duplicate-ssl-dn-not-found-msgs
Use the enable-duplicate-ssl-dn-not-found-msgs stanza entry to control whether WebSEAL logs a warning whenever you connect to a junction that has the -K or -B flag set without the -D flag. WebSEAL can log duplicate messages every time it opens a connection to the junction or log a single warning only for each affected junction.
- fips-mode-processing
Use the fips-mode-processing stanza entry to enable or disable FIPS mode processing.
- gsk-attr-name
- gsk-crl-cache-entry-lifetime
- gsk-crl-cache-size
- jct-gsk-attr-name
- nist-compliance
Use the nist-compliance stanza entry to enable or disable NIST SP800-131A compliance.
- ocsp-enable
- ocsp-max-response-size
- ocsp-nonce-check-enable
- ocsp-nonce-generation-enable
- ocsp-proxy-server-name
- ocsp-proxy-server-port
- ocsp-url
- pkcs11-keyfile
Use this entry to define the name of the pkcs11 key file containing the configuration information for the network HSM device.
- ssl-compliance
Specifies the SSL compliance mode.
- ssl-max-entries
- ssl-v2-timeout
- ssl-v3-timeout
- suppress-client-ssl-errors
- undetermined-revocation-cert-action
- webseal-cert-keyfile
- webseal-cert-keyfile-label
- webseal-cert-keyfile-sni
Use the webseal-cert-keyfile-sni stanza entry to configure WebSEAL to send a server certificate that contains a host name, which matches the host name in the initial browser request.
- webseal-cert-keyfile-stash