The encryption algorithms and hashes used for SSL versions 2 and 3 are listed in the following tables.
Key Pair Generation: RSA 512-1024 private key sizes
SSL Version 2
US version | Export version |
RC4 US | RC4 Export |
RC2 US | RC2 Export |
DES 56-bit | not applicable |
Triple DES US | not applicable |
RC4 Export | not applicable |
RC2 Export | not applicable |
SSL Version 3
US version | Export version |
Triple DES SHA US | DES SHA Export |
DES SHA Export | RC2 MD5 Export |
RC2 MD5 Export | RC4 MD5 Export |
RC4 SHA US | NULL SHA |
RC4 MD5 US | NULL MD5 |
RC4 MD5 Export | NULL NULL |
RC4 SHA 56-bit | not applicable |
DES CBC SHA | not applicable |
NULL SHA | not applicable |
NULL MD5 | not applicable |
NULL NULL | not applicable |
These SSL specifications can also be configured by directly editing the proxy configuration file. For details, see the reference sections in Appendix B. Configuration file directives for the following directives:
128-bit encryption for Caching Proxy
Only a 128-bit encryption version of Caching Proxy is being delivered. The 56-bit version is no longer available. If you are updating a previous version, you can install Caching Proxy directly to your currently installed 128-bit or 56-bit version. If you were previously using a 56-bit (export) browser, you must upgrade to a 128-bit browser in order to take advantage of the 128-bit encryption in the proxy.
After an upgrade from a 56-bit version of Caching Proxy to the 128-bit version, if the key size used to encrypt certificates is set to 1024, then no configuration change is necessary. However, if the key size is set to 512, in order to take advantage of the proxy's 128-bit encryption, you must create new certificates with a key size of 1024. Create new keys by using the IBM Key Manager utility (iKeyman).
See Key and certificate management for a detailed discussion of the IBM Key Manager utility.
Note that this version of the product does not support encryption on SUSE Linux.