When using SSL directives, consider the following: limiting encryption to
128 bits or higher, rewriting HTTP (port 80) requests to HTTPS (port 443),
logging SSL request information in the access log, and enabling certificate
revocation lists (CRL).
You should consider the following when you want to enable SSL directives
in the IBM® HTTP Server httpd.conf configuration file:
- Limiting IBM HTTP Server to encrypt at only 128 bits or higher. There
are several methods of configuring IBM HTTP Server to restrict SSL so that
only 128-bit browsers and 128-bit and 168-bit ciphers can access Web content.
For complete information, refer to Limiting IBM HTTP Server to encrypt at only 128 bits or higher.
- How to rewrite HTTP (port 80) requests to HTTPS (port 443). The mod_rewrite.c rewrite
module provided with IBM HTTP Server is an effective way to automatically
rewrite all HTTP requests to HTTPS. For complete information, refer to How to rewrite HTTP (port 80) requests to HTTPS (port 443).
- Logging SSL request information in the access log for IBM HTTP Server. The IBM HTTP
Server implementation provides Secure Sockets Layer (SSL) environment variables
that you can log by using the LogFormat directive in the httpd.conf configuration
file. For complete information, refer to Logging SSL request information in the access log for IBM HTTP
Server.
- Enabling certificate revocation lists (CRL) in IBM HTTP Server. Certificate revocation
provides the ability to revoke a client certificate that the browser presents
to IBM HTTP Server when the key is compromised or when access permission to the
key is revoked. A CRL is a database that contains a list of certificates
revoked before their scheduled expiration date. For complete information, refer
to SSL certificate revocation list.