Secure Sockets Layer settings for custom properties

Use this page to configure additional Secure Sockets Layer (SSL) settings for a defined alias.

To view this administrative console page, click Security > SSL > alias_name> Custom properties.

Configuration tab

Custom Properties

Specifies the name-value pairs that you can use to configure additional SSL settings beyond those available in the com.ibm.ssl.protocol administrative interface.

This value is the SSL protocol that is used, including its version. The possible values are SSL, SSLv2, SSLv3, TLS or TLSv1. The default value, SSL, is backward-compatible with the other SSL protocols.

com.ibm.ssl.keyStoreProvider
The name of the keystore provider to use. Specify one of the security providers listed in your java.security file, which has a keystore implementation. The default value is IBMJCE.
com.ibm.ssl.keyManager
The name of the key management algorithm to use. Specify any key management algorithm that is implemented by one of the security providers that is listed in your java.security file. The default value is IbmX509.
com.ibm.ssl.trustStoreProvider
The name of the truststore provider to use. Specify one of the security providers that is listed in your java.security file, which has a truststore implementation. The default value is IBMJCE.
com.ibm.ssl.trustManager
The name of the trust management algorithm to use. Specify any trust management algorithm that is implemented by one of the security providers listed in your java.security file. The default value is IbmX509.
com.ibm.ssl.trustStoreType
The type or format of the truststore file. The possible values are JKS, PKCS12, JCEK, JCERACFKS (z/OS only) and LCE4748RACFKS (z/OS only). The default value is JKS.
com.ibm.ssl.enabledCipherSuites
The list of cipher suites to enable. By default, this list is not set and the set of cipher suites that is used is determined by the value of the security level (high, medium, or low). A cipher suite is a combination of cryptographic algorithms that are used for an Secure Sockets Layer (SSL) connection. Enter a space-separated list of any of the following cipher suites:
  • SSL_RSA_WITH_RC4_128_MD5
  • SSL_RSA_WITH_RC4_128_SHA
  • SSL_RSA_WITH_DES_CBC_SHA
  • SSL_RSA_WITH_3DES_EDE_CBC_SHA
  • SSL_DHE_RSA_WITH_DES_CBC_SHA
  • SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
  • SSL_DHE_DSS_WITH_DES_CBC_SHA
  • SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
  • SSL_RSA_EXPORT_WITH_RC4_40_MD5
  • SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
  • SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
  • SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
  • SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
  • SSL_RSA_WITH_NULL_MD5
  • SSL_RSA_WITH_NULL_SHA
  • SSL_DH_anon_WITH_RC4_128_MD5
  • SSL_DH_anon_WITH_DES_CBC_SHA
  • SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
  • SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
  • SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
Data type: String

Cryptographic token

Specifies information about the cryptographic tokens that are related to SSL support.

A cryptographic token is a hardware or software device that has a built-in keystore implementation. Document the exact values for the following fields that are found in the literature of your supported cryptographic device.




Related tasks
Defining Secure Sockets Layer connections
Reference topic    

Terms of Use | Feedback

Last updated: Aug 29, 2010 7:21:45 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=vela&product=was-nd-dist&topic=usecrassl
File name: usec_rassl.html