SSL settings for custom properties

To configure additional SSL settings for a defined alias.

To view this administrative console page, click Security > SSL > alias_name > Custom properties.

 

Configuration tab

Custom Properties Name-value pairs that you can use to configure additional SSL settings beyond those available in the administrative interface com.ibm.ssl.protocol.

This is the SSL protocol used (including its version). The possible values are SSL, SSLv2, SSLv3, TLS, or TLSv1. The default value, SSL, is backward-compatible with the other SSL protocols.

com.ibm.ssl.keyStoreProvider The name of the key store provider to use. Specify one of the security providers listed in your java.security file, which has a keystore implementation. The default value is IBMJCE.

com.ibm.ssl.keyManager The name of the key management algorithm to use. Specify any key management algorithm that is implemented by one of the security providers listed in your java.security file. The default value is IbmX509.

com.ibm.ssl.trustStoreProvider The name of the trust store provider to use. Specify one of the security providers listed in your java.security file, which has a truststore implementation. The default value is IBMJCE.

com.ibm.ssl.trustManager The name of the trust management algorithm to use. Specify any trust management algorithm that is implemented by one of the security providers listed in your java.security file. The default value is IbmX509.

com.ibm.ssl.trustStoreType The type or format of the truststore file. The possible values are JKS, PKCS12, JCEK. The default value is JKS.

com.ibm.ssl.enabledCipherSuites The list of cipher suites to enable. By default, this is not set and the set of cipher suites used is determined by the value of the security level (high, medium, or low). A cipher suite is a combination of cryptographic algorithms used for an SSL connection. Enter a space-separated list of any of the following cipher suites:

  • SSL_RSA_WITH_RC4_128_MD5

  • SSL_RSA_WITH_RC4_128_SHA

  • SSL_RSA_WITH_DES_CBC_SHA

  • SSL_RSA_WITH_3DES_EDE_CBC_SHA

  • SSL_DHE_RSA_WITH_DES_CBC_SHA

  • SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA

  • SSL_DHE_DSS_WITH_DES_CBC_SHA

  • SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA

  • SSL_RSA_EXPORT_WITH_RC4_40_MD5

  • SSL_RSA_EXPORT_WITH_DES40_CBC_SHA

  • SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5

  • SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA

  • SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA

  • SSL_RSA_WITH_NULL_MD5

  • SSL_RSA_WITH_NULL_SHA

  • SSL_DH_anon_WITH_RC4_128_MD5

  • SSL_DH_anon_WITH_DES_CBC_SHA

  • SSL_DH_anon_WITH_3DES_EDE_CBC_SHA

  • SSL_DH_anon_EXPORT_WITH_RC4_40_MD5

  • SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA

Data type... String

Cryptographic token Specifies information about the cryptographic tokens related to SSL support.

A cryptographic token is a hardware or software device that has a built-in keystore implementation. Document the exact values for the following fields in the found in the literature of your supported cryptographic device.