Apache HTTP Server Version 2.4
Description: | Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocol support for IBM HTTP Server |
---|---|
Status: | Extension |
Module Identifier: | ibm_ssl_module |
Source File: | mod_ibm_ssl.c |
This module provides SSL and TLS support for IBM HTTP Server. This documentation is a supplement to the IBM Information Center and is primarily oriented towards IBM HTTP Server 8.0 and later. If a directive is not listed, consult the information center.
Example command line invocation to generate a new keystore with a self-signed certificate in it:
$ /opt/IHS/bin/gskcapicmd -keydb -create -db /opt/IHS/conf/key.kdb -pw yourpassword -stash
$ /opt/IHS/bin/gskcapicmd -cert -create -db /opt/IHS/conf/key.kdb -stashed -size 2048 -sig_alg SHA256_WITH_RSA -san_dnsname example.com,www.example.com -label selfsigned -dn "CN=$(hostname)" -default_cert yes -expire 1000
Example IHS configuration to enable SSL with default ciphers:
Listen 0.0.0.0:443 LoadModule ibm_ssl_module modules/mod_ibm_ssl.so <VirtualHost *:443> ServerName example.com SSLEnable KeyFile /opt/IHS/conf/key.kdb </VirtualHost>
Several kinds of tracing are available with this module.
LogLevel
to debug and add
SSLTrace
to the bottom of the global configuration.GSK_TRACE_FILE=/tmp/gsktrace_log GSK_TRACE_FILE_SIZE=104857600 GSK_TRACE_FILE_NUMBER=5 export GSK_TRACE_FILE export GSK_TRACE_FILE_SIZE export GSK_TRACE_FILE_NUMBER
Perform a complete stop and start of the webserver to pickup the environment variable changes.
SSLTrace
directive and log the SSL_HANDSHAKE_TIME environment variable, e.g.:
LogFormat "%h %l %u %t \"%r\" %>s %b %{SSL_HANDSHAKE_TIME}e" common
SSLReverseCipherOrder
can be used.bin/gskcapicmd
(or gskkyman on z/OS)
and use ECDHE-ECDSA ciphers using SSLCipherSpec.
IHS can be configured to prefer an ECDSA certificate if a client supports it and to fallback to
an RSA certificate otherwise. See SSLServerCert
for more information.
TLS_ECDHE_RSA_WITH_NULL_SHA(C010) TLS_ECDHE_RSA_WITH_RC4_128_SHA(C011) TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA(C012) TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(C013) TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(C014) TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(C027) TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(C028) TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(C02F) TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(C030)
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA(C007) TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA(C008) TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(C009) TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(C00A) TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(C023) TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(C024) TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(C02B) TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(C02C)
SSLProtocolDisable
Yes, see SSLAttributeSet
with attribute ID 245,
a type of BUFF, and a string value such as:
"GSK_TLS_SIGALG_RSA_WITH_SHA224,GSK_TLS_SIGALG_RSA_WITH_SHA256,GSK_T
LS_SIGALG_RSA_WITH_SHA384,GSK_TLS_SIGALG_RSA_WITH_SHA512,GSK_TLS_SIG
ALG_ECDSA_WITH_SHA224,GSK_TLS_SIGALG_ECDSA_WITH_SHA256,GSK_TLS_SIGAL
G_ECDSA_WITH_SHA384,GSK_TLS_SIGALG_ECDSA_WITH_SHA512"
SSLFIPSEnable
SSLSuiteBMode
and the
optional arguments of SSLFIPSEnable
Server Name Indication (SNI) support for IBM HTTP Server allows certificate selection to be based on the SNI extension sent by TLS clients. It does not allow other handshake-related settings from a name-based virtualhost to be used.
Definitions for SNI
Requirements for SNI
SSLEnable
directive.SSLServerCert
,
SSLEnable
. Handshake related directives have no affect on the handshake
in non-default virtual hosts.Two forms of SNI
In the first form of SNI, only a single virtual host is used,
and the SSLSNIMap
directive is used to map between
hostnames and certificate labels.
<virtualhost *:443> ServerName example.com SSLEnable SNI SSLServerCert default SSLSNIMap a.example.com sni1-rsa # On z/OS, this second label requires PH18102 and z/OS V2R3 (or later) SSLSNIMap a.example.com sni1-ecdsa SSLSNIMap b.example.com sni2 KeyFile /opt/IBM/HTTPServer/conf/key.kdb # ... Any other SSL directives </virtualhost>
ServerName
, non-wildcard ServerAlias
,
and SSLServerCert
.
# Key store with certificates for each "SSLServerCert" or ServerName in later matching vhosts. KeyFile /opt/IBM/HTTPServer/conf/key.kdb <virtualhost *:443> ServerName example.com SSLEnable SNI # ... any other SSL directives to be shared with later matching vhosts # If not defined globally, Key store with certificates for each "SSLServerCert" or ServerName in later matching vhosts. # KeyFile /opt/IBM/HTTPServer/conf/key.kdb </virtualhost> <virtualhost *:443> ServerName a.example.com SSLEnable SSLServerCert sni1 # If no global KeyFile is specified, a KeyFile must be listed in each subsequent virtual host. This KeyFile must exist and contain the # specified SSLServerCert but will not be used at runtime. # KeyFile /opt/IBM/HTTPServer/conf/key.kdb # No other SSL directives should be used, they cannot influence the handshake. Non SSL directives can be scoped to this virtual host. </virtualhost> <virtualhost *:443> ServerName b.example.com ServerAlias other.example.com SSLEnable SSLServerCert sni2 # If no global KeyFile is specified, a KeyFile must be listed in each subsequent virtual host. This KeyFile must exist and contain the # specified SSLServerCert but will not be used at runtime. # KeyFile /opt/IBM/HTTPServer/conf/key.kdb # No other SSL directives should be used, they cannot influence the handshake. Non SSL directives can be scoped to this virtual host. </virtualhost>
Description: | Identifies the keyfile containing certificates and private keys. |
---|---|
Syntax: | KeyFile /path/to/key.kdb [/prompt] | /saf [owner/]saf-keyring-name
|
Default: | unset |
Context: | server config, virtual host |
Status: | Extension |
Module: | mod_ibm_ssl |
This directive configures the SSL key file to be used for the enclosing
virtual host. A corresponding stashfile (*.sth
) is automatically used with
the same base name as the specified KeyFile
.
On z/OS, the name of a SAF keyring can be specified following a first argument of /saf
. For more details on the syntax and usafe of SAF keyrings,
see the definition of GSK_KEYRING_FILE in the z/OS Cryptographic Services System SSL Programming
topic in your release of z/OS.
If the second argument is /prompt
, IBM HTTP Server will interactively prompt for the corresponding
password instead of using the stash file referenced above.
Description: | Allows use of non-standard certificate policy. |
---|---|
Syntax: | SSLAllowLegacyCerts ON|OFF |
Default: | ON |
Context: | server config, virtual host |
Status: | Extension |
Module: | mod_ibm_ssl |
Compatibility: | On z/OS, RFC5280 is replaced with RFC3280 below |
When this directive is turned off, only the standard policy for certificates will be applied. That is, only certificates meeting the requirements in RFC5280 (part of the X.509 standard) will be accepted as valid.
The IBM Global Security Kit has deprecated the use of legacy certificates. However, if you still must use a pre-X.509 certificate, this directive may be toggled on and the certificate will be used as long as it is valid.
OFF
on distributed platforms.
Description: | Enables toleration of non-crticial InhibitAnyPolicy extension |
---|---|
Syntax: | SSLAllowNonCriticalInhibitAnyPolicy ON|OFF |
Default: | OFF |
Context: | virtual host |
Status: | Extension |
Module: | mod_ibm_ssl |
Compatibility: | Requirs PI91351 |
Description: | Directly configures underlying GSKit security library settings. |
---|---|
Syntax: | SSLAttributeSet [proxy:]gskit-id val [ENUM|NUMERIC|BUFF|BUFFNULL] |
Default: | none |
Context: | virtual host |
Status: | Extension |
Module: | mod_ibm_ssl |
Compatibility: | IHS 7.0 only supports setting "enum" types, and doesn't support the "proxy:" prefix. 'BUFFNULL' added in PI76874 |
Sets underlying IBM Tivoli Global Security Kit (GSKit) configuration. Advanced usage only at the recommendation of IHS support.
These settings are applied after directives such as SSLCipherSpec
and
generally override what was previously set.
On z/OS, the file /usr/include/gskssl.h contains the symbolic names for the keys and values that are useable with this directive
Description: | Checks for expired or expiring certificates at startup. |
---|---|
Syntax: | SSLCheckCertificateExpiration days|-1 ["no_expired"] |
Default: | Disabled |
Context: | server config, virtual host |
Status: | Extension |
Module: | mod_ibm_ssl |
Compatibility: | IHS 9.0.0.0 and later. Not available on z/OS. |
If this directive is specified with a days parameter greater than zero, IHS will check
the validity range of each certificate (personal, issuer, and immediate) in
each configured KeyFile
during SSL initialization.
For each certificate expiring within the specified number of days,
the server will write a ALERT level message to the servers
ErrorLog
with the message ID "SSL0191E".
If this directive is enabled, certificates which have already expired are printed at NOTICE level with message ID "SSL0192E", unless the second parameter is the string "no_expired". To report only expired certificates, specify -1 for the first parameter.
Example:
Listen 443
# Warn about expired certificates, or certificates expiring in the next 30 days
SSLCheckCertificateExpiration 30
<VirtualHost *:443>
SSLEnable
...
</VirtualHost>
Results in: "SSL0191E: Certificate label 'expiresoon' in key store /opt/IHS/conf/key.kdb will expire in 22 days"
Description: | Determines which SSL ciphers should be permitted. |
---|---|
Syntax: | SSLCipherSpec [ALL|SSLv2|SSLv3|TLSv10|TLSv11|TLSv12|TLSv13] [+|-]cipher-shortname|[+|-]cipher-longname ... |
Default: | 8.0 and later: reasonable default ciphers (SSLv2, weak, export, and NULL removed) |
Context: | server config, virtual host |
Status: | Extension |
Module: | mod_ibm_ssl |
Compatibility: | A separate syntax for z/OS is documented in the next section. |
When the first argument is "ALL", multiple ciphers can appear on one line and can be prefixed with +/- to add to or remove from the compiled-in defaults. On z/OS, the cryptographic library uses a single merged list of ciphers for SSLv3 and all later protocols, so the first argument must always be "ALL" instead of a protocol name.
This directive allows the configuration of the specific SSL ciphers, as well as their order. Each protocol starts with a set of reasonable default ciphers, and this directive can add, remove, or re-order those ciphers.
The first argument specifies the name of a specific SSL protocol whose ciphers will be adjusted, or "ALL" to adjust all protocols for which the following ciphers are applicable. If "ALL" is specified, and a cipher cannot be removed or added due to not being applicable to that protocol, no error is reported. This allows a cipher to be added or removed from any protocol where it might be supported, without having to know in advance exactly where it applies.
The second argument specifies the cipher to add or remove. Ciphers prefixed with a minus symbol are removed from the current set of ciphers, and ciphers with a plus symbol (or no symbol at all) are added.
Each protocol starts with a default list of ciphers. The cipher list for each protocol is ordered, the server picks the first entry in the cipher list that the client also supports. This list can be changed in several ways:
NONE
."-CBC" is also supported with similar semantics as "-RSA"
After PH51473, the RSA and CBC pseudo-ciphers can be used with a "+" prefix.
The third case is a complicated compromise to tolerate legacy configurations while protecting against "SSLCipherSpec very-old-cipher" disabling more advanced ciphers inadvertently, in future protocols where very-old-cipher is not applicable
The second argument can be repeated, but "NONE" is only accepted in the initial position.
The first time a protocol is changed by this directive, if the cipher argument is not prefixed by a plus or minus symbol, the defaults are discarded and the current cipher becomes the only cipher.
A legacy syntax is supported which includes a single argument (cipher name), however its use is not recommended and may not be combined with the full syntax above. The legacy syntax is likely to counter-intuitively disable ciphers new to TLSv1.2 when common ciphers are configured.
When the legacy syntax is used, the following logic is applied: For each protocol, If the specified cipher is applicable to the protocol, and the protocol is still using the default cipher list, the cipher list is replaced by the specified protocol. If the defaults are not in use (as in for subsequent uses of this directive) then the cipher is added to the current overridden list.
To illustrate the undesirable affects of the legact syntax:
Examples:
# Remove 3DES anywhere it shows up
SSLCipherSpec ALL -SSL_RSA_WITH_3DES_EDE_CBC_SHA
# Replace (no +/-) TLSv12 cipher list
SSLCipherSpec TLSv12 TLS_RSA_WITH_AES_128_GCM_SHA256
SSLCipherSpec TLSv12 TLS_RSA_WITH_AES_256_GCM_SHA384
# Remove RSA key exchange (non-PFS) ciphers (requires 9.0.5.7 or later) SSLCipherSpec ALL -RSA
SSLCipherSpec ALL -TLS_RSA_WITH_AES_128_CBC_SHA -TLS_RSA_WITH_AES_256_CBC_SHA
Normally, this directive is only specified inside a virtual host. In the event it is specified both inside and outside of a virtual host, the virtual hosts configured SSL ciphers will be the union of the two lists.
Description: | Configures IBM HTTP Server to request a client certificate from the browser |
---|---|
Syntax: | SSLClientAuth none|optional|required|required_reset |
Default: | SSLClientAuth none |
Context: | server config, virtual host |
Status: | Extension |
Module: | mod_ibm_ssl |
This directive configures if and how IBM HTTP Server will request an SSL certificate from clients. This feature is sometimes referred to as "mutual authentication" because it adds authentication of the client to the typical SSL server authentication.
Description: | Controls server-side support for TLS Compression |
---|---|
Syntax: | SSLCompression ON|OFF |
Default: | SSLCompression OFF |
Context: | virtual host |
Status: | Extension |
Module: | mod_ibm_ssl |
Compatibility: | Not available on z/OS. |
This directive can be used to re-enable TLS compression TLS compression in web browsers is vulnerable to man in the middle attacks when malicious content is introduced.
Description: | DisablesSSL for the enclosing virtual host |
---|---|
Syntax: | SSLDisable |
Default: | unset |
Context: | server config, virtual host |
Status: | Extension |
Module: | mod_ibm_ssl |
This directive configures the enclosing virtual host to NOT use
the SSL protocol. This is only necessary in non-SSL virtual hosts in the
unusual case when the base server configuration has been configured for SSL with
SSLEnable
, which is automatically inherited by all
virtual hosts.
Description: | Enables SSL for the enclosing virtual host |
---|---|
Syntax: | SSLEnable [SNI] |
Default: | unset |
Context: | server config, virtual host |
Status: | Extension |
Module: | mod_ibm_ssl |
This directive configures the enclosing virtual host to use the SSL protocol. The SNI
option
is only valid on the default (first listed) virtualhost for a set of name-based virtual hosts
SSL0263W can be issued if mod_ibm_ssl goes from being not loaded (via LoadModule
)
to being loaded across an graceful restart. While in general modules may be
removed or added during a graceful restart, mod_ibm_ssl cannot support this sequence.
Description: | Gracefully terminates a process reporting too many fatal handshake errors |
---|---|
Syntax: | SSLFatalErrorLimit failures |
Default: | SSLFatalErrorLimit 0 |
Context: | virtual host |
Status: | Extension |
Module: | mod_ibm_ssl |
Compatibility: | Requires PH32229 |
In some rare cases, an individual process will stop processing handshakes and return errors such as SSL0209E/SSL0212E/SSL0203E. If this directive is set to non-zero, the process will gracefully exit after seeing the specified number of SSL0209E/SSL0212E/SSL0203E failures.
This directive is NOT inherited from the base server config to virtual hosts.
Description: | Configures an SSL enabled virtual host to NOT use FIPS 140-2 certified ciphers |
---|---|
Syntax: | SSLFIPSDisable |
Default: | SSLFIPSDisable |
Context: | server config, virtual host |
Status: | Extension |
Module: | mod_ibm_ssl |
Compatibility: | Directive and functionality not available on z/OS until IBM HTTP Server 8.5 |
This directive causes the server to use the default SSL implementation
in the bundled GSKit library. This directive is normally not required unless
SSLFIPSEnable
appears in global server configuration.
Description: | Configures an SSL enabled virtual host to use FIPS 140-2 certified ciphers |
---|---|
Syntax: | SSLFIPSEnable [SP800131A|uncertified|uncertified_only]... |
Default: | unset |
Context: | server config, virtual host |
Status: | Extension |
Module: | mod_ibm_ssl |
Compatibility: | Directive and functionality not available on z/OS until IBM HTTP Server 8.5. No arguments are supported on z/OS. |
This directive causes the server to use the FIPS 140-2
validated cryptographic modules and ciphers available in the bundled
GSKit library. It augments, not replaces, the SSLEnable
directive.
IBM HTTP Server 8.5 and later on z/OS supports this directive being enabled only
in a global (base configuration, outside of any vhost) context only. On z/OS,
a FIPS compatible KeyFile
must be created with gskkyman for both
IBM HTTP Server and the WAS Plugin. FIPS compatible keystores on z/OS only allow certs with
strong cryptography to be stored inside of them.
Optional arguments perform further configuration:
The uncertified module is what is used in the absense of SSLEnable
.
Description: | Enables GSKit trace. |
---|---|
Syntax: | SSLGSKitTraceEnable c:/trace.log[ size-in-MB [num-files [options ]]] |
Default: | Disabled, but if just only first parameter is used the other paremters default to 250MB and 4 files. |
Context: | server config |
Status: | Extension |
Module: | mod_ibm_ssl |
Compatibility: | Not available on z/OS. |
This directive enables the equivalent of setting the GSK_TRACE_FILE GSK_TRACE_FILE_SIZE, and GSK_TRACE_FILE_NUMBER environment variables.
The final parameter, options, can be set to "1" to enable GSK_TRACE_NO_BUFFERING
Description: | Configures timeout on handshake operations |
---|---|
Syntax: | SSLHandshakeTimeout IO-timeout [end-to-end timeout[ms]] |
Default: | SSLHandshakeTimeout 5 10 |
Context: | virtual host |
Status: | Extension |
Module: | mod_ibm_ssl |
Compatibility: | Pre-9.0, this timeout defaulted to the core Timeout
value. After 9.0, even if the directive is not explicitly specified, the defaults above will be used. |
This directive can be used to reduce the timeout for SSL handshake I/O operations and to impose an end-to-end timeout on SSL handshakes.
<VirtualHost *:443>
SSLEnable
Timeout 60
SSLHandshakeTimeout 5
</VirtualHost>
<VirtualHost *:443>
SSLEnable
Timeout 60
SSLHandshakeTimeout 2 4000ms
</VirtualHost>
A value of 0 for either value will use the core Timeout
value.
Description: | Enforces a minimum RSA key size for certificates. See usage for platform differences. |
---|---|
Syntax: | SSLMinimumRSAKeySize bits |
Default: | 0 (no minimum) |
Context: | server config, virtual host |
Status: | Extension |
Module: | mod_ibm_ssl |
Compatibility: | Added in PH51709 |
This directive is primarily used to enforce a minimum RSA key size for client certificates. The exact behavior depends on the capabilities provided by the platform security library.
GSK_PEER_RSA_MIN_KEY_SIZE
in the System SSL programming guide.In the event the minimum is not met, the SSL handshake will fail.
This directive does not have any affect on certificates sent or received by the WebSphere WebServer Plug-in.
Description: | Enables OCSP caching and specifies the maximum number of elements in the cache. |
---|---|
Syntax: | SSLOCSPCacheSize elements |
Default: | see synopsis |
Context: | virtual host |
Status: | Extension |
Module: | mod_ibm_ssl |
Compatibility: | PH54894 |
This directive specifies the size of the internal OCSP response cache.
Legend for the fields in /server-status. Note: The output data and format is intended to be human readable and is subject to change i.e. the output format MUST NOT be considered a specification.
Description: | Enables connect() timeout on outobuund OCSP connections |
---|---|
Syntax: | SSLOCSPConnectionTimeout seconds |
Default: | SSLOCSPConnectionTimeout 10 |
Context: | virtual host |
Status: | Extension |
Module: | mod_ibm_ssl |
Compatibility: | Requires PH01222 |
This directive can specify a timeout for connecting to an OCSP server while validating a client certificate. Prior to PH01222, there was no explicit default, and especially on Windows the connection attempt could have for an extended time if it was not completed or actively refused.
This directive is inherited from the base server config to virtual hosts.
Description: | The SSLOCSPEnable directive enables checking of client certificates through OCSP responders defined in the Authority Information Access (AIA) extension of their certificate. |
---|---|
Syntax: | SSLOCSPEnable |
Default: | not set |
Context: | virtual host |
Status: | Extension |
Module: | mod_ibm_ssl |
Compatibility: | Distributed platforms only prior to PI46822. On z/OS, requires z/OS V2R2 or later |
If SSLOCSPEnable
is set, and any certificate in the SSL client certificate chain contains an AIA extension, IBM HTTP Server contacts the OCSP responder indicated by the AIA extension to check revocation status of that certificate.
If both OCSP and CRL checking is configured, OCSP checking is performed before any CRL checking. CRL checking occurs only if the result of the OCSP checking is unknown or inconclusive.
If both SSLOCSPEnable
and SSLOCSPResponderURL
are configured, the responder defined by SSLOCSPResponderURL
is checked first. If the revocation status is unknown or inconclusive, IBM HTTP Server checks OCSP responders for SSLOCSPEnable
.
https URIs are not supported for OCSP.
Description: | The SSLOCSPResponderURL directive enables checking of client certificates through a statically configured online certificate status protocol (OCSP) responder. |
---|---|
Syntax: | SSLOCSPResponderURL fully-qualified-url |
Default: | not set |
Context: | virtual host |
Status: | Extension |
Module: | mod_ibm_ssl |
Compatibility: | Distributed platforms only prior to PI46822. On z/OS, requires z/OS V2R2 or later |
If SSLOCSPEnable
is set, and any certificate in the SSL client certificate chain contains an AIA extension, IBM HTTP Server contacts the OCSP responder indicated by the AIA extension to check revocation status of that certificate.
If both OCSP and CRL checking is configured, OCSP checking is performed before any CRL checking. CRL checking occurs only if the result of the OCSP checking is unknown or inconclusive.
If both SSLOCSPEnable
and SSLOCSPResponderURL
are configured, the responder defined by SSLOCSPResponderURL
is checked first. If the revocation status is unknown or inconclusive, IBM HTTP Server checks OCSP responders for SSLOCSPEnable
.
https URIs are not supported for OCSP.
Description: | The SSLProtocolDisable directive allows you to disable individual SSL protocols. |
---|---|
Syntax: | SSLProtocolDisable [PROXY|SERVER] SSLv2|SSLv3|TLSv10|TLSv11|TLSv12|TLSv13 ... |
Default: | see notes |
Context: | virtual host |
Status: | Extension |
Module: | mod_ibm_ssl |
This directive can be used to disable individual SSL protocols. Multiple protocols can be specified, separated by spaces.
In scopes with SSLProxyEngine
set to "ON", this directive also controls the protocols used for outbound
TLS connections. To change one without changing another, specify "PROXY" or "SERVER" as the first argument.
Default protocols using the latest available maintenance: TLSv12 TLSv13
Description: | The SSLProtocolEnable directive allows you to enable individual SSL protocols. |
---|---|
Syntax: | SSLProtocolEnable [PROXY|SERVER] SSLv2|SSLv3|TLSv10|TLSv11|TLSv12|TLSv13 ... |
Default: | see notes for SSLProtocolDisable |
Context: | virtual host |
Status: | Extension |
Module: | mod_ibm_ssl |
This directive can be used to enable individual SSL protocols.
Before explicitly enabling TLS1.3, consider the performance information below.
TLS13Options
directive, SSL session reuse will be diminished
(proportional to the number of child processes) which may have a marginal affect on performance.
The default (and maximum) ServerKeyRefresh interval is 7 days.Description: | Adds SSL support to outgoing reverse proxy connections |
---|---|
Syntax: | SSLProxyEngine on|off |
Default: | SSLProxyEngine offnone |
Context: | server config, virtual host |
Status: | Extension |
Module: | mod_ibm_ssl |
This directive configures IHS to handle https URL's for reverse proxy directives such as
ProxyPass
and RewriteRule
.
A KeyFile
must be set and contain the trust chain for any origin servers.
This directive is not supported when IBM HTTP Server is used with WebSphere Application Server. Only the WebSphere WebServer Plug-in is supported.
Description: | Controls IBM HTTP Server support of TLS renegotiation |
---|---|
Syntax: | SSLRenegotiation on|off|LEGACY_AND_RFC5746 |
Default: | SSLRenegotiation off |
Context: | virtual host |
Status: | Extension |
Module: | mod_ibm_ssl |
Compatibility: | see below |
This directive controls the types of TLS renegotiation permitted by IBM HTTP Server. TLS renegotiation is how clents can initiate a new SSL handshake on an existing secure connection, which is rarely used by normal browser-based clients.
SSLInsecureRenegotiation
directive in IBM HTTP Server 8.0 and later.Description: | Reverses the order of preferred ciphers. |
---|---|
Syntax: | SSLReverseCipherOrder |
Context: | server config, virtual host |
Status: | Extension |
Module: | mod_ibm_ssl |
In version 9 and later, the default order of ciphers prioritizes some
stronger ciphers than previously used by default. Use this directive to
reverse the cipher order, rather than picking and choosing the exact order with
SSLCipherSpec
.
Description: | Identifies the certificate label of a personal certificate that the server should use to authenticate to clients. |
---|---|
Syntax: | SSLServerCert [cryptograhic token name:]label-name [[cryptograhic token name:]label-name] |
Default: | unset |
Context: | server config, virtual host |
Status: | Extension |
Module: | mod_ibm_ssl |
Each KeyFile
may contain multiple personal
certificates (certificates with private keys) as well as a single personal
certificate marked as the default certificate. If you want IBM HTTP Server
to use any certificates other than the default, specify
SSLServerCert
.
Two certificate labels may be specified as a space-delimited list where one certificate must contain an RSA
key and the other must contain an ECDSA key. The server will choose a certificate based on the client's
capabilities. If a client supports both key types, the certificate listed first in
SSLServerCert
is used regardless of how the ciphers are ordered
using SSLCipherSpec
.
SSLServerCert ecc_label rsa_label
Any labels containing spaces must be quoted. Spaces will need to be escaped if more than one label is specified.
SSLServerCert "RSA Label Example"
SSLServerCert "ecc\ label" "rsa\ label"
If cryprographic hardware is in use, this directive is mandatory to
communicate the cryptographic token name (the token name can be obtained using
the crypto hardware vendor's tools such as pkcsconf
:
SSLServerCert mytoken:mycertlabel
On z/OS, the second label is only used when PH18102 is present and the operating system release is V2R3 or later.
Description: | Flag to disable sending a TLS close_notify during Apache socket shutdown |
---|---|
Syntax: | SSLSkipCloseNotif ON|OFF |
Default: | OFF (close_notify is sent) |
Context: | server config, virtual host |
Status: | Extension |
Module: | mod_ibm_ssl |
Compatibility: | PH30841 |
9.0.5.2 added TLS13 support. Separate from TLS13, IHS began sending the TLS close_notify alert when the underlying Apache connection to the client was closed. This flag disables the new behavior
Description: | Establishes servername to certificate label pairs |
---|---|
Syntax: | SSLSNIMap hostname cert-label |
Default: | unset |
Context: | server config, virtual host |
Status: | Extension |
Module: | mod_ibm_ssl |
This directive maps server names transmitted via the TLS Server Name Extension to certificate labels, which allows the certificate presented to vary based on the hostname used by the client.
See the >SNI section for more details.
Description: | Enables the "Suite B" profile for the enclosing virtual host |
---|---|
Syntax: | SSLSuiteBMode 128|192 |
Default: | unset |
Context: | server config, virtual host |
Status: | Extension |
Module: | mod_ibm_ssl |
This directive configures the enclosing virtual host to use the "Suite B" profile for TLS. This profile drastically reduces the available signature algorithm and cipher specs that will be used by the server. The set of acceptable algorithms and ciphers is subject to change over time as relevant standards change.
The 128 and 192 arguments refer to the two levels of security discussed in RFC 6460.
SSLAttributeSet
is processed later (with a higher priority).Description: | Selects the set of Elliptic Curves used during the handshake. See usage for platform differences. |
---|---|
Syntax: | SSLSupportedCurves TLSv12|TLSv13 curve-list |
Default: | see usage |
Context: | server config, virtual host |
Status: | Extension |
Module: | mod_ibm_ssl |
Compatibility: | Added in PH51678 |
During handshakes that use ECDHE key exchange, the client and server must negotiate a named curve that both sides support. This directive allows the curves that the server will offer to be customized.
Default and available settings:
Property | Linux, AIX, Windows | z/OS |
---|---|---|
TLSv12 default | secp256r1, secp384r1, secp521r1 | secp256r1, secp384r1, secp521r1 |
TLSv13 default | x25519, secp256r1, secp384r1, secp521r1, x448 | x25519, secp256r1, secp384r1, secp521r1 |
Supported values | Comma separated selected from pattern:
GSK_TLS_SUPPORTED_GROUP_ECDHE_{X25519,SECP256R1,SECP384R1,SECP521R1,X448} |
Four-digit codes with no separator from:
System SSL Programming Guide |
# zOS: add x25519 to defaults for TLSv12
SSLSupportedCurves TLSv12 0029002300240025
# zOS: add x448 to the end of defaults
SSLSupportedCurves TLSv13 00290023002400250030
# Linux, AIX, Windows: use only secp384r1 and secp521r1
SSLSupportedCurves TLSv13 GSK_TLS_SUPPORTED_GROUP_ECDHE_SECP384R1,GSK_TLS_SUPPORTED_GROUP_ECDHE_SECP521R1
Description: | Enables extended tracing for SSL communication |
---|---|
Syntax: | SSLTrace |
Default: | unset |
Context: | server config, virtual host |
Status: | Extension |
Module: | mod_ibm_ssl |
This directive enables extra tracing in the ErrorLog
for various SSL related operations.
SSLTrace
is only useful with LogLevel
set to debug
.
Description: | Specifies how IBM HTTP Server reacts when IBM HTTP Server cannot readily determine the revocation status, which is coming through CRL or OCSP. |
---|---|
Syntax: | SSLUnknownRevocationStatus ignore|log|log_always|deny |
Default: | SSLUnknownRevocationStatus ignore |
Context: | virtual host |
Status: | Extension |
Module: | mod_ibm_ssl |
Compatibility: | Distributed platforms only. On zOS, unknown revocation status results in a handshake error.t |
Whenever a message is logged for UnknownRevocationStatus, the SSL_UNKNOWNREVOCATION_SUBJECT
variable, an internal SSL environment variable, is set. You can log this variable with the following LogFormat
syntax:
%{SSL_UNKNOWNREVOCATION_SUBJECT}e
You could also use the variable in mod_rewrite expressions when this directive directive has any value other than deny. Use the following variable name in your RewriteCond
directive:
%{ENV:SSL_UNKNOWNREVOCATION_SUBJECT}
Description: | Performs access control based on negotiated TLS version |
---|---|
Syntax: | SSLVersion SSLv2|SSLv3|TLSv1|TLSv1.1|TLSv1.2 |
Default: | Disabled |
Context: | directory |
Status: | Extension |
Module: | mod_ibm_ssl |
Compatibility: | deprecated |
This directive returns an HTTP Forbidden response if the specified TLS version has not been negotiated. It does not cause the connection to be renegotiated, and cannot itself directly cause a customized HTTP response be sent to the client. This directive serves little practical purpose.
Description: | General purpose directive to configure options for the TLSv1.3 protocol. |
---|---|
Syntax: | TLS13Options option[=value] [option[=value] ...] |
Default: | NumTickets = 6, ServerKeyRefresh=608400 |
Context: | server config, virtual host |
Status: | Extension |
Module: | mod_ibm_ssl |
Compatibility: |
This directive allows the following options to be set for the TLSv1.3 protocol: