WebSphere Application Server Version 6.1 Feature Pack for Web Services
             Operating Systems: AIX, HP-UX, i5/OS, Linux, Solaris, Windows, z/OS

             Personalize the table of contents and search results

Quality of protection (QoP) settings

Use this page to specify security level, ciphers, and mutual authentication settings for the Secure Socket Layer (SSL) configuration.

[AIX HP-UX Linux Solaris Windows] [i5/OS] To view this administrative console page, click Security > SSL certificate and key management > Manage endpoint security configurations > {Inbound | Outbound SSL_configuration_name}. Under Related Items, click SSL configurations > {SSL_configuration_name | New}. Under Additional Properties, click Quality of protection (QoP) settings.

[z/OS] To view this administrative console page, click Security > SSL certificate and key management > Manage endpoint security configurations > {Inbound | Outbound SSL_configuration_name}. Under Related Items, click SSL configurations > {SSL_configuration_name | New JSSE configuration}. Under Additional Properties, click Quality of protection (QoP) settings.

Configuration tab

Client authentication

Specifies the whether SSL client authentication should be requested if the SSL connection is used for the server side of the connection.

If None is selected, the server does not request that a client certificate be sent during the handshake. If Supported is selected, the server requests that a client certificate be sent. If the client does not have a certificate, the handshake might still succeed. If Required is selected, the server requests that a client certificate be sent. If the client does not have a certificate, the handshake fails.

Data type: Text
Default: None
Protocol

Specifies the Secure Sockets Layer (SSL) handshake protocol. This protocol is typically SSL_TLS, which supports all handshake protocols except for SSLv2 on the server side. When United States Federal Information Processing standard (FIPS) option is enabled, Transport Layer Security (TLS) is automatically used regardless of this setting.

Data type: text
Default: SSL_TLS
Predefined JSSE provider [AIX HP-UX Linux Solaris Windows] [i5/OS]

Specifies one of the predefined Java Secure Sockets Extension (JSSE) providers. The IBMJSSE2 provider is recommended for use on all platforms which support it. It is required for use by the channel framework SSL channel. When Federal Information Processing Standard (FIPS) is enabled, IBMJSSE2 is used in combination with the IBMJCEFIPS crypto provider.

Default: Enabled
Select provider [i5/OS] [AIX HP-UX Linux Solaris Windows]

Specifies a package that implements a subset of the cryptography aspects for the Java security application programming interface (API). This value is a JSSE provider name that is listed in the java.security file. Note that cipher suites and protocol values depend upon the provider.

Data type: Text
Default: IBMJSSE2
Custom JSSE provider [AIX HP-UX Linux Solaris Windows] [i5/OS]

Specifies that a custom JSSE provider should be used.

Default: Disabled
Custom provider [AIX HP-UX Linux Solaris Windows] [i5/OS]

Specifies a package that implements a subset of the cryptography aspects for the Java security application programming interface (API). This value is a Java Secure Sockets Extension (JSSE) provider name that is listed in the java.security file. Note that cipher suites and protocol values depend upon the provider.

Data type: Text
Cipher suite groups

Specifies the various cipher suite groups that can be chosen depending upon your security needs. The stronger the cipher suite strength, the better the security; however, this can result in performance consequences.

Data type: Text
Default: Strong
Update selected ciphers

When selected, the cipher suites that are contained within the selected Cipher suite group are added to the list of Selected ciphers. Any change to this list changes the Cipher suite group to custom.

Selected ciphers

Specifies the ciphers that are effective when the configuration is saved. These ciphers are used to negotiate with the remote side of the connection during the handshake. A common cipher needs to be selected or the handshake fails.

Data type: Text
Add

Specifies to add the selected cipher to the Selected ciphers list.

Remove

Specifies to remove the selected cipher from the Selected ciphers list.




Related tasks
Creating a Secure Sockets Layer configuration
Related reference
SSL configurations collection
Reference topic    

Terms of Use | Feedback

Last updated: Nov 25, 2008 2:35:59 AM CST
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.wsfep.multiplatform.doc/info/ae/ae/usec_sslqualprotect.html