An SSL repertoire with an ID, a defined keystore, and an optional truststore.
Name | Type | Default | Description |
---|---|---|---|
id | string | A unique configuration ID. | |
keyStoreRef | A reference to top level keyStore element (string). | A keystore containing key entries for the SSL repertoire. This attribute is required. | |
trustStoreRef | A reference to top level keyStore element (string). | ${keyStoreRef} | A keystore containing trusted certificate entries used by the SSL repertoire for signing verification. This attribute is optional. If unspecified, the same keystore is used for both key and trusted certificate entries. |
sslProtocol | string | The SSL handshake protocol. Protocol values can be found in the documentation for the underlying JRE's Java Secure Socket Extension (JSSE) provider. When using the IBM JRE the default value is SSL_TLS and when using the Oracle JRE the default value is SSL. | |
clientAuthentication | boolean | false | Specifies whether client authentication is enabled. If set to true then client authentication is required and the client must provide a certificate for the server trusts. |
clientAuthenticationSupported | boolean | false | Specifies whether a client authentication is supported. If set to true then the client authentication support means the server will check trust from a client if the client presents a certificate. |
securityLevel |
| HIGH | Specifies the cipher suite group used by the SSL handshake. HIGH are 3DES and 128 bit and higher ciphers, MEDIUM are DES and 40 bit ciphers, LOW are ciphers without encryption. If the enabledCiphers attribute is used the securityLevel list is ignored. MEDIUM %repertoire.MEDIUM CUSTOM %repertoire.CUSTOM HIGH Cipher suites 3DES and 128 bit and higher LOW %repertoire.LOW |
clientKeyAlias | string | Specifies the alias of the certificate in the keystore that is used as the key to send to a server that has client authentication enabled. This attribute is only needed if the keystore has more than one key entry. | |
serverKeyAlias | string | Specifies the alias of the certificate in the keystore used as the server's key. This attribute is only needed if the keystore has more then one key entry. | |
enabledCiphers | string | Specifies a custom list of ciphers. Separate each cipher in the list with a space. The supported cipher will depend on the underlying JRE used. Please check the JRE for valid ciphers. |