Apache Module mod_ibm_ssl

Description:	Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocol support for IBM HTTP Server
Status:	Extension
Module Identifier:	ibm_ssl_module
Source File:	mod_ibm_ssl.c

Summary

This module provides SSL and TLS support for IBM HTTP Server. This documentation is a supplement to the IBM Information Center and is primarily oriented towards IBM HTTP Server 8.0 and later. If a directive is not listed, consult the information center.

Example configuration

Example command line invocation to generate a new keystore with a self-signed certificate in it:

$ /opt/IHS80/bin/gskcapicmd -keydb -create -db /opt/IHS80/conf/ihsserverkey.kdb -pw yourpassword -stash
$ /opt/IHS80/bin/gskcapicmd -cert -create -db /opt/IHS80/conf/ihsserverkey.kdb ihsserverkey.kdb -pw yourpassword -label selfsigned -dn "CN=$(hostname)" -default_cert yes -expire 1000

Example IHS configuration to enable SSL with default ciphers:

Listen 0.0.0.0:443
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
<VirtualHost *:443>
SSLEnable
KeyFile /opt/IHS80/conf/ihsserverkey.kdb
</VirtualHost>

Tracing SSL

Several kinds of tracing are available with this module.

To trace high level SSL operations, set LogLevel to debug and add SSLTrace to the bottom of the global configuration.
To trace low-level SSL operations, edit bin/envvars in your IHS installation root and add the following variables:
```
GSK_TRACE_FILE=/tmp/gsktrace_log
GSK_TRACE_FILE_SIZE=104857600
GSK_TRACE_FILE_NUMBER=5
export GSK_TRACE_FILE
export GSK_TRACE_FILE_SIZE
export GSK_TRACE_FILE_NUMBER 
```
Perform a complete stop and start of the webserver to pickup the environment variable changes.
To trace plaintext communications to diagnose HTTP problems, use mod_net_trace
New in PI23005: To log end-to-end handshake times (for diagnosing performance issues), turn on the SSLTrace directive and log the SSL_HANDSHAKE_TIME environment variable, e.g.:
```
LogFormat "%h %l %u %t \"%r\" %>s %b %{SSL_HANDSHAKE_TIME}e" common 
```

Elliptic Curve (ECC) in IHS

ECDHE ciphers provide perfect forward secrecy. In 8.0.0.6 and 8.5.0.2 and later, IHS supports Elliptic Curve ciphers and keys, but they are disabled by default prior to PI81589. With PI81589, ECDSA ciphers are enabled by default and are preferred over RSA cipher suites. PI81589 is available in versions 8.0.0.14 and 8.5.5.12 and later.

Servers using traditional RSA certificates can configure new non-default ECDHE-RSA ciphers using SSLCipherSpec.
Servers can create ECDSA certificates with bin/gskcapicmd (or gskkyman on z/OS) and use ECDHE-ECDSA ciphers using SSLCipherSpec.

IHS can be configured to prefer an ECDSA certificate if a client supports it and to fallback to an RSA certificate otherwise. See SSLServerCert for more information.

ECDHE-RSA ciphers

TLS_ECDHE_RSA_WITH_NULL_SHA(C010)
TLS_ECDHE_RSA_WITH_RC4_128_SHA(C011)
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA(C012)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(C013)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(C014)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(C027)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(C028)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(C02F)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(C030)

ECDHE-ECDSA ciphers (requires ECDSA certificate)

TLS_ECDHE_ECDSA_WITH_RC4_128_SHA(C007)
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA(C008)
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(C009)
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(C00A)
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(C023)
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(C024)
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(C02B)
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(C02C)

z/OS configuration

On z/OS, TLSv1.2 must be explicitly enabled prior to IBM HTTP Server 8.5.5.4 and 8.0.0.10 to use any ECC ciphers using SSLProtocolEnable.
z/OS V1R13 with OA39422 (or later) is required to use TLSv1.2 on z/OS.
ICSF must be available to use ECC or AES-GCM ciphers.
ECC and AES-GCM may require granting the webserver userid access to CSFSERV resources. See RACF CSFSERV Resource Requirements in the z/OS System SSL documentation

SP800-131 related options

Can an SP800-131a profile be directly configured?: With GSKit 8.0.50.13 or higher (PI05309 or higher), the directive SSLAttributeSet 477 1 activates an SP800-131a mode in the security library, but ECC ciphers need to be manually added with SSLCipherSpec to be included. The net effect of this setting may change over time as recommendations evolve.
TLSv1.0 and TLSv1.1 are currently permitted under this setting, but may be removed in the future
Can protocols older than TLSv1.2 be disabled?: See SSLProtocolDisable
Is TLSv1.2 supported?: Yes, in 8.0 and later. However, see SSLProtocolEnable for z/OS specific information
Can TLSV1.2 signature algorithm restrictions be set?: Yes, see SSLAttributeSet with attribute ID 245, a type of BUFF, and a string value such as: "GSK_TLS_SIGALG_RSA_WITH_SHA224,GSK_TLS_SIGALG_RSA_WITH_SHA256,GSK_T LS_SIGALG_RSA_WITH_SHA384,GSK_TLS_SIGALG_RSA_WITH_SHA512,GSK_TLS_SIG ALG_ECDSA_WITH_SHA224,GSK_TLS_SIGALG_ECDSA_WITH_SHA256,GSK_TLS_SIGAL G_ECDSA_WITH_SHA384,GSK_TLS_SIGALG_ECDSA_WITH_SHA512"
Can FIPS140-2 restrictions be enabled?: Yes, see SSLFIPSEnable
Can a "Suite B" profile of settings be configured?: On distributed platforms, yes. See SSLSuiteBMode

KeyFile Directive

Description:	Identifies the keyfile containing certificates and private keys.
Syntax:	`KeyFile /path/to/key.kdb [/prompt] \| /saf [owner/]saf-keyring-name`
Default:	`unset`
Context:	server config, virtual host
Status:	Extension
Module:	mod_ibm_ssl

This directive configures the SSL key file to be used for the enclosing virtual host. A corresponding stashfile (*.sth) is automatically used with the same base name as the specified KeyFile.

On z/OS, the name of a SAF keyring can be specified following a first argument of /saf. For more details on the syntax and usafe of SAF keyrings, see the definition of GSK_KEYRING_FILE in the z/OS Cryptographic Services System SSL Programming topic in your release of z/OS.

If the second argument is /prompt, IBM HTTP Server will interactively prompt for the corresponding password instead of using the stash file referenced above.

SSLAttributeSet Directive

Description:	Directly configures underlying GSKit security library settings.
Syntax:	`SSLAttributeSet [proxy:]gskit-id val [ENUM\|NUMERIC\|BUFF\|BUFFNULL]`
Default:	`none`
Context:	virtual host
Status:	Extension
Module:	mod_ibm_ssl
Compatibility:	IHS 7.0 only supports setting "enum" types, and doesn't support the "proxy:" prefix. 'BUFFNULL' added in PI76874

Sets underlying Tivoli Global Security it (GSKit) configuration. Advanced usage only at the recommendation of IHS support.

These settings are applied after directives such as SSLCipherSpec and generally override what was previously set.

SSLCheckCertificateExpiration Directive

Description:	Checks for expired or expiring certificates at startup.
Syntax:	`SSLCheckCertificateExpiration days\|-1 ["no_expired"]`
Default:	`Disabled`
Context:	server config, virtual host
Status:	Extension
Module:	mod_ibm_ssl
Compatibility:	IHS 8.5.5.10 (PI59374) and later. Not available on z/OS.

If this directive is specified with a days parameter greater than zero, IHS will check the validity range of each certificate (personal, issuer, and immediate) in each configured KeyFile during SSL initialization.
For each certificate expiring within the specified number of days, the server will write a ALERT level message to the servers ErrorLog with the message ID "SSL0191E".

If this directive is enabled, certificates which have already expired are printed at NOTICE level with message ID "SSL0192E", unless the second parameter is the string "no_expired". To report only expired certificates, specify -1 for the first parameter.

Example:

Listen 443 # Warn about expired certificates, or certificates expiring in the next 30 days SSLCheckCertificateExpiration 30 <VirtualHost *:443> SSLEnable ... </VirtualHost>

Results in: "SSL0191E: Certificate label 'expiresoon' in key store /opt/IHS/conf/key.kdb will expire in 22 days"

Notes

A KeyFile must be used (by SSLEnable or SSLProxyEngine ON) to be checked.
This directive is merged from the base configuration to each virtual host.
If the same KeyFile is in multiple SSL enabled virtual hosts with this directive implicitly or explicitly specified, the reporting will happen in each virtual host.

SSLCipherSpec Directive

Description:	Determines which SSL ciphers should be permitted.
Syntax:	`SSLCipherSpec [ALL\|SSLv2\|SSLv3\|TLSv10\|TLSv11\|TLSv12] [+\|-]cipher-shortname\|[+\|-]cipher-longname ...`
Default:	`8.0 and later: reasonable default ciphers (SSLv2, weak, export, and NULL removed)`
Context:	server config, virtual host
Status:	Extension
Module:	mod_ibm_ssl
Compatibility:	A separate syntax for z/OS is documented in the next section.

Manual limitations

Note: This manual only discusses the V8R0 and later behavior. For V7 and earlier, refer to the knowledge center from the corresponding release. For z/OS syntax, see the following directive entry.

This directive allows the configuration of the specific SSL ciphers, as well as their order. Each protocol starts with a set of reasonable default ciphers, and this directive can add, remove, or re-order those ciphers.

The first argument specifies the name of a specific SSL protocol whose ciphers will be adjusted, or "ALL" to adjust all protocols for which the following ciphers are applicable. If "ALL" is specified, and a cipher cannot be removed or added due to not being applicable to that protocol, no error is reported. If a specific protocol is specified, and a cipher does not apply to that protocol (for example, a cipher added in TLSv12 applied to TLSv10), startup will fail.

The second argument specifies the cipher to add or remove. Ciphers prefixed with a minus symbol are removed from the current set of ciphers, and ciphers with a plus symbol (or no symbol at all) are added.

Reset defaults

Each protocol starts with a default list of ciphers. The cipher list for each protocol is ordered, the server picks the first entry in the cipher list that the client also supports. This list can be changed in several ways:

You can add or subtract specific ciphers with the +/- syntax. Additions append to the cipher list, meaning additions have a lower precedence.
You can empty the list (default or otherwise) with a special value of NONE.
If the first cipher in an SSLCipherSpec directive has no + or -, and it affects protocol X and protocol X is still using its default list, the requested cipher replaces the default list (this is effectively the legacy behavior). Subsequent changes to protocol X without +/- act as if + was present.
After PH30598 (9.0.5.7, 8.5.5.19) the pseudo-cipher "-RSA" may be used to remove RSA key exchange ciphers from the defaults. It must be the first cipher argument and no other cipher arguments may follow on the same line. It only removes RSA key exchange ciphers that are enabled by default, if weaker RSA ciphers have been explicitly added prior to this directive, they will not be removed.
"-CBC" is also supported with similar semantics as "-RSA"

After PH51473, the RSA and CBC pseudo-ciphers can be used with a "+" prefix.

The third case is a complicated compromise to tolerate legacy configurations while protecting against "SSLCipherSpec very-old-cipher" disabling more advanced ciphers inadvertently, in future protocols where very-old-cipher is not applicable

The second argument can be repeated, but "NONE" is only accepted in the initial position.

The first time a protocol is changed by this directive, if the cipher argument is not prefixed by a plus or minus symbol, the defaults are discarded and the current cipher becomes the only cipher.

Legacy syntax

A legacy syntax is supported which includes a single argument (cipher name), however its use is not recommended and may not be combined with the full syntax above. The legacy syntax is likely to counter-intuitively disable ciphers new to TLSv1.2 when common ciphers are configured.

When the legacy syntax is used, the following logic is applied: For each protocol, If the specified cipher is applicable to the protocol, and the protocol is still using the default cipher list, the cipher list is replaced by the specified protocol. If the defaults are not in use (as in for subsequent uses of this directive) then the cipher is added to the current overridden list.

To illustrate the undesirable affects of the legact syntax:

"SSLCipherSpec TLS_RSA_WITH_AES_128_CBC_SHA256" is a TLSv12-only cipher, so it indirectly disables all other TLSv12 ciphers but doesn't do anything to the TLSv11 or TLSv10 cipher list.
"SSLCipherSpec SSL_RSA_WITH_RC4_128_MD5" specifies a cipher present ONLY in TLS prior to TLSv12. This directive sets TLSv10 and TLSv11 to just the specified cipher but leaves TLSv12 unchanged.
"SSLCipherSpec TLS_RSA_WITH_AES_256_CBC_SHA" is common to TLSv10, TLSv11, and TLSv12. This directive removes all other available ciphers from each of these protocols.

Examples:

# Remove 3DES anywhere it shows up SSLCipherSpec ALL -SSL_RSA_WITH_3DES_EDE_CBC_SHA

# Replace (no +/-) TLSv12 cipher list SSLCipherSpec TLSv12 TLS_RSA_WITH_AES_128_GCM_SHA256 SSLCipherSpec TLSv12 TLS_RSA_WITH_AES_256_GCM_SHA384

Merging

Normally, this directive is only specified inside a virtual host. In the event it is specified both inside and outside of a virtual host, the virtual hosts configured SSL ciphers will be the union of the two lists.

SSLCipherSpec (z/OS) Directive

Description:	Determines which SSL ciphers should be permitted.
Syntax:	`SSLCipherSpec cipher-shortname\|cipher-longname`
Default:	`8.0 and later: reasonable default ciphers (SSLv2, weak, export, and NULL removed)`
Context:	server config, virtual host
Status:	Extension
Module:	mod_ibm_ssl

z/OS

Note: This section describes the behavior on z/OS only. See the preceding entry for other platforms.

This directive allows the configuration of the specific SSL ciphers, as well as their order. When this directive is first specified, the default ciphers are replaced by the specified ciphers. After PI73819, it is possible to express a delta from the defaults.

This directive should be repeated to configure multiple ciphers, with the first listed being preferred for negotiation

Examples:

# Choose new ciphers, similar to late 2016 defaults, but omitting 3DES SSLCipherSpec TLS_RSA_WITH_AES_128_GCM_SHA256 SSLCipherSpec TLS_RSA_WITH_AES_256_GCM_SHA384 SSLCipherSpec TLS_RSA_WITH_AES_128_CBC_SHA256 SSLCipherSpec TLS_RSA_WITH_AES_256_CBC_SHA256 SSLCipherSpec TLS_RSA_WITH_AES_128_CBC_SHA SSLCipherSpec TLS_RSA_WITH_AES_256_CBC_SHA # Omitted: # SSLCipherSpec SSL_RSA_WITH_3DES_EDE_CBC_SHA

# After PI73819, we can use +/- with "ALL". # This somewhat contrived example forces TLSv12 and removes the non-SHA2 # ciphers from the defaults. Note: first parm of "ALL" must be used to use +/- SSLProtocolDisable TLSv10 TLSv11 SSLCipherSpec ALL -TLS_RSA_WITH_AES_128_CBC_SHA -TLS_RSA_WITH_AES_256_CBC_SHA

Merging

SSLClientAuth Directive

Description:	Configures IBM HTTP Server to request a client certificate from the browser
Syntax:	`SSLClientAuth none\|optional\|required\|required_reset`
Default:	`SSLClientAuth none`
Context:	server config, virtual host
Status:	Extension
Module:	mod_ibm_ssl

This directive configures if and how IBM HTTP Server will request an SSL certificate from clients. This feature is sometimes referred to as "mutual authentication" because it adds authentication of the client to the typical SSL server authentication.

none: No client certificate will be requested
optional: A client certificate will be requested, but no action is taken if a certificate is not presented.
required: A client certificate will be requested, and a failure to present one will result in a HTTP 403 error.
required_reset: A client certificate will be requested, and a failure to present one will result in a TLS alert being sent to the browser

SSLCompression Directive

Description:	Controls server-side support for TLS Compression
Syntax:	`SSLCompression ON\|OFF`
Default:	`SSLCompression OFF`
Context:	virtual host
Status:	Extension
Module:	mod_ibm_ssl
Compatibility:	Not available on zOS

This directive can be used to re-enable TLS compression, which was disabled by default in 8.0.0.5 and 8.5.0.1. TLS compression in web browsers is vulnerable to man in the middle attacks when malicious content is introduced.

Compatability

IHS prior to 8.0.0.7 and 8.5.5.1 can't successfully re-enable compression with GSKit 8.0.14.27 or later.

SSLDisable Directive

Description:	DisablesSSL for the enclosing virtual host
Syntax:	`SSLDisable`
Default:	`unset`
Context:	server config, virtual host
Status:	Extension
Module:	mod_ibm_ssl

This directive configures the enclosing virtual host to NOT use the SSL protocol. This is only necessary in non-SSL virtual hosts in the unusual case when the base server configuration has been configured for SSL with SSLEnable, which is automatically inherited by all virtual hosts.

SSLEnable Directive

Description:	Enables SSL for the enclosing virtual host
Syntax:	`SSLEnable`
Default:	`unset`
Context:	server config, virtual host
Status:	Extension
Module:	mod_ibm_ssl

This directive configures the enclosing virtual host to use the SSL protocol.

Graceful Restart

SSL0263W can be issued if mod_ibm_ssl goes from being not loaded (via LoadModule) to being loaded across an graceful restart. While in general modules may be removed or added during a graceful restart, mod_ibm_ssl cannot support this sequence.

SSLFatalErrorLimit Directive

Description:	Gracefully terminates a process reporting too many fatal handshake errors
Syntax:	`SSLFatalErrorLimit failures`
Default:	`SSLFatalErrorLimit 0`
Context:	virtual host
Status:	Extension
Module:	mod_ibm_ssl
Compatibility:	Requires PH32229

In some rare cases, an individual process will stop processing handshakes and return errors such as SSL0209E/SSL0212E/SSL0203E. If this directive is set to non-zero, the process will gracefully exit after seeing the specified number of SSL0209E/SSL0212E/SSL0203E failures.

This directive is NOT inherited from the base server config to virtual hosts.

SSLFIPSDisable Directive

Description:	Configures an SSL enabled virtual host to NOT use FIPS 140-2 certified ciphers
Syntax:	`SSLFIPSDisable`
Default:	`SSLFIPSDisable`
Context:	server config, virtual host
Status:	Extension
Module:	mod_ibm_ssl
Compatibility:	Directive and functionality not available on z/OS until IBM HTTP Server 8.5

This directive causes the server to use the default SSL implementation in the bundled GSKit library. This directive is normally not required unless SSLFIPSEnable appears in global server configuration.

SSLFIPSEnable Directive

Description:	Configures an SSL enabled virtual host to use FIPS 140-2 certified ciphers
Syntax:	`SSLFIPSEnable`
Default:	`unset`
Context:	server config, virtual host
Status:	Extension
Module:	mod_ibm_ssl
Compatibility:	Directive and functionality not available on z/OS until IBM HTTP Server 8.5

This directive causes the server to automatically use the FIPS 140-2 validated cryptographic modules and ciphers available in the bundled GSKit library.

IBM HTTP Server 8.5 and later on z/OS supports this directive being enabled only in a global (base configuration, outside of any vhost) context only. On z/OS, a FIPS compatible KeyFile must be created with gskkyman for both IBM HTTP Server and the WAS Plugin. FIPS compatible keystores on z/OS only allow certs with strong cryptography to be stored inside of them.

SSLHandshakeTimeout Directive

Description:	Configures timeout on handshake operations
Syntax:	`SSLHandshakeTimeout IO-timeout [end-to-end timeout[ms]]`
Default:	`By default, the core Timeout is used for the IO timeout and no end-to-end timeout is used.`
Context:	virtual host
Status:	Extension
Module:	mod_ibm_ssl
Compatibility:	IHS 8.0.0.6, 8.5.0.2, and later (PM78434)

This directive can be used to reduce the timeout for SSL handshake I/O operations and to impose an end-to-end timeout on SSL handshakes.

<VirtualHost *:443> SSLEnable Timeout 60 SSLHandshakeTimeout 5 </VirtualHost>

<VirtualHost *:443> SSLEnable Timeout 60 SSLHandshakeTimeout 2 4000ms </VirtualHost>

SSLOCSPCacheSize Directive

Description:	Enables OCSP caching and specifies the maximum number of elements in the cache.
Syntax:	`SSLOCSPCacheSize elements`
Default:	`see synopsis`
Context:	virtual host
Status:	Extension
Module:	mod_ibm_ssl
Compatibility:	PH54894

This directive specifies the size of the internal OCSP response cache.

Defaults: On Linux, AIX and Windows the default is 0 (no caching). On z/OS, the system default is 256. Further details can be found in the System SSL programmers guide of your zOS release.
Lifetime: The "nextUpdate" time of the OCSP response, or HTTP cache headers, determines the lifetime of cache entries. Entries can be evicted when the cache is full based on LRU.
Merging: This directive is not merged/inherited from global to virtual host scope
Scope: There is one cache per SSL enabled virtual host, per IHS child process.
Statistics: If the /server-status interface is accessed over HTTPS, some basic info about the OCSP cache for the virtual host and process handling the request is displayed torwards the bottom of the page. Not available on zOS.

OCSP Cache statistics (Linux, AIX, Windows)

Legend for the fields in /server-status. Note: The output data and format is intended to be human readable and is subject to change i.e. the output format MUST NOT be considered a specification.

read_hit: the number of times a valid current OCSP response was found in the cache and so no actual OCSP request was required.
read_miss: the number of times a valid current OCSP response was not found in the cache and so an actual OCSP request was required.
write_hit: the number of times a response was renewed in the cache – this should match read_hit unless the response was found in the cache but could not be used for other reasons.
write_miss: the number of times a new response was added to the cache.
new: the number of new OCSP requests requested – this is write_miss - read_miss.
lost: the number of times an otherwise still valid cache entry was lost due to lack of space.
promoted_hit: the number of times a promoted item was found in the cache.
promoted_event: the number of ocsp responses that were promoted.
resume ratio: the ratio of renewed to all cache writes, the higher the better.
hit ratio: ratio of renewed cache hits that were used. Note: responses that have expired will not be used which can lower this ratio.
cache hit ratio: percentage ratio of OCSP responses used from the cache compared to the total including cached and those from new OCSP requests.

SSLOCSPConnectionTimeout Directive

Description:	Enables connect() timeout on outobuund OCSP connections
Syntax:	`SSLOCSPConnectionTimeout seconds`
Default:	`SSLOCSPConnectionTimeout 5`
Context:	virtual host
Status:	Extension
Module:	mod_ibm_ssl
Compatibility:	Requires PH01222

This directive can specify a timeout for connecting to an OCSP server while validating a client certificate. Prior to PH01222, there was no explicit default, and especially on Windows the connection attempt could have for an extended time if it was not completed or actively refused.

This directive is inherited from the base server config to virtual hosts.

SSLOCSPEnable Directive

Description:	The SSLOCSPEnable directive enables checking of client certificates through OCSP responders defined in the Authority Information Access (AIA) extension of their certificate.
Syntax:	`SSLOCSPEnable`
Default:	`not set`
Context:	virtual host
Status:	Extension
Module:	mod_ibm_ssl

If SSLOCSPEnable is set, and an SSL client certificate chain contains an AIA extension, IBM HTTP Server contacts the OCSP responder indicated by the AIA extension to check revocation status of the client certificate. The path portion of the URL is ignored.

If both OCSP and CRL checking is configured, OCSP checking is performed before any CRL checking. CRL checking occurs only if the result of the OCSP checking is unknown or inconclusive.

If both SSLOCSPEnable and SSLOCSPResponderURL are configured, the responder defined by SSLOCSPResponderURL is checked first. If the revocation status is unknown or inconclusive, IBM HTTP Server checks OCSP responders for SSLOCSPEnable.

SSLOCSPResponderURL Directive

Description:	The SSLOCSPResponderURL directive enables checking of client certificates through a statically configured online certificate status protocol (OCSP) responder.
Syntax:	`SSLOCSPResponderURL fully-qualified-url`
Default:	`not set`
Context:	virtual host
Status:	Extension
Module:	mod_ibm_ssl

If both OCSP and CRL checking is configured, OCSP checking is performed before any CRL checking. CRL checking occurs only if the result of the OCSP checking is unknown or inconclusive.

SSLProtocolDisable Directive

Description:	The SSLProtocolDisable directive allows you to disable individual SSL protocols.
Syntax:	`SSLProtocolDisable SSLv2\|SSLv3\|TLSv10\|TLSv11\|TLSv12 ...`
Default:	`see note`
Context:	virtual host
Status:	Extension
Module:	mod_ibm_ssl
Compatibility:	TLSv11 and TLSv12 only supported in version 8 and later.

This directive can be used to disable individual SSL protocols. Multiple protocols can be specified, space-separated.

Defaults

Default protocols using the latest available maintenance: TLSv12

SSLv2 has always been disabled by default
SSLv3 was disabled by default in 8.0.0.10/8.5.5.4 and later (PI27904)
TLSv1.1 and TLSv1.2 were disabled by default on z/OS prior to 8.0.0.10/8.5.5.4
TLSv1.0 and TLSv1.1 were disabled in 8.5.5.20 and later (PH36870)

SSLProtocolEnable Directive

Description:	The SSLProtocolEnable directive allows you to enable individual SSL protocols.
Syntax:	`SSLProtocolEnable SSLv2\|SSLv3\|TLSv10\|TLSv11\|TLSv12 ...`
Default:	`see notes in SSLProtocolDisable`
Context:	virtual host
Status:	Extension
Module:	mod_ibm_ssl
Compatibility:	7.0.0.37, 8.0.0.6, 8.5.0.2 and later. TLsv11 and TLSv12 only supported in version 8 and later.

This directive can be used to enable individual SSL protocols.

SSLProxyEngine Directive

Description:	Adds SSL support to outgoing reverse proxy connections
Syntax:	`SSLProxyEngine on\|off`
Default:	`SSLProxyEngine offnone`
Context:	server config, virtual host
Status:	Extension
Module:	mod_ibm_ssl

This directive is not supported when IBM HTTP Server is used with WebSphere Application Server. Only the WebSphere WebServer Plug-in is supported

This directive configures IHS to handle https URL's for reverse proxy directives such as ProxyPass and RewriteRule.

A KeyFile must be set and contain the trust chain for any origin servers.

SSLRenegotiation Directive

Description:	Controls IBM HTTP Server support of TLS renegotiation
Syntax:	`SSLRenegotiation on\|off\|LEGACY_AND_RFC5746`
Default:	`SSLRenegotiation off`
Context:	virtual host
Status:	Extension
Module:	mod_ibm_ssl
Compatibility:	see below

This directive controls the types of TLS renegotiation permitted by IBM HTTP Server. TLS renegotiation is how clents can initiate a new SSL handshake on an existing secure connection, which is rarely used by normal browser-based clients.

OFF (default): No renegotiation is permitted.
ON: Secure renegotiation, as currently defined by RFC5746, is permitted.
LEGACY_AND_RFC5746: Both secure renegotiation and legacy insecure renegotiation are permitted.

Compatibility

This directive supercedes the SSLInsecureRenegotiation directive in IBM HTTP Server 8.0 and later.
IBM HTTP Server 8.0.0.0 defaulted to ON (accepting RFC5746 renegotiations).
Prior to 7.0.0.19, the bundled GSKit security library was not aware of RFC5746, and "ON" referred to legacy insecure renegotiation.
Support for the LEGACY_AND_RFC5746 option depends on IBM HTTP Server 7.0.0.19 and later.

SSLServerCert Directive

Description:	Identifies the certificate label of a personal certificate that the server should use to authenticate to clients.
Syntax:	`SSLServerCert [cryptograhic token name:]label-name [[cryptograhic token name:]label-name]`
Default:	`unset`
Context:	server config, virtual host
Status:	Extension
Module:	mod_ibm_ssl

Each KeyFile may contain multiple personal certificates (certificates with private keys) as well as a single personal certificate marked as the default certificate. If you want IBM HTTP Server to use any certificates other than the default, specify SSLServerCert.

Two certificate labels may be specified as a space-delimited list where one certificate must contain an RSA key and the other must contain an ECDSA key. The server will choose a certificate based on the client's capabilities. If a client supports both key types, the certificate listed first in SSLServerCert is used regardless of how the ciphers are ordered using SSLCipherSpec.

Distributed platforms only.

Specifying a list

SSLServerCert ecc_label rsa_label

Any labels containing spaces must be quoted. Spaces will need to be escaped if more than one label is specified.

Behavior prior to IBM HTTP Server 8.5.5.9 may be different

Specifying a single label containing spaces

SSLServerCert "RSA Label Example"

Specifying a list of labels containing spaces

SSLServerCert "ecc\ label" "rsa\ label"

If cryprographic hardware is in use, this directive is mandatory to communicate the cryptographic token name (the token name can be obtained using the crypto hardware vendor's tools such as pkcsconf:

Cryptographic hardware example

SSLServerCert mytoken:mycertlabel

SSLSkipCloseNofify Directive

Description:	Flag to disable sending a TLS close_notify during Apache socket shutdown
Syntax:	`SSLSkipCloseNotif ON\|OFF`
Default:	`OFF (close_notify is sent)`
Context:	server config, virtual host
Status:	Extension
Module:	mod_ibm_ssl
Compatibility:	PH30841

9.0.5.2 added TLS13 support. Separate from TLS13, IHS began sending the TLS close_notify alert when the underlying Apache connection to the client was closed. This flag disables the new behavior

SSLStrictCBCPaddingCheck Directive

Description:	Enable/Disable strict CBC Padding
Syntax:	`SSLStrictCBCPaddingCheck off\|on`
Default:	`on`
Context:	server config
Status:	Extension
Module:	mod_ibm_ssl
Compatibility:	Distributed Platforms only, PI31516 and higher

This directive configures strict CBC padding checks in GSKit, primarily to mitigate the POODLE TLS attack (CVE-2014-8730). Turning this directive on is equivalent to using:

SSLAttributeSet 471 1

Note that strict CBC padding is always enabled by default in z/OS.

SSLSuiteBMode Directive

Description:	Enables the "Suite B" profile for the enclosing virtual host
Syntax:	`SSLSuiteBMode 128\|192`
Default:	`unset`
Context:	server config, virtual host
Status:	Extension
Module:	mod_ibm_ssl
Compatibility:	Distributed Platforms only, 8.0.0.6/8.5.0.2 and later only.

This directive configures the enclosing virtual host to use the "Suite B" profile for TLS. This profile drastically reduces the available signature algorithm and cipher specs that will be used by the server. The set of acceptable algorithms and ciphers is subject to change over time as relevant standards change.

The 128 and 192 arguments refer to the two levels of security discussed in RFC 6460.

Setting this directive overrides most previous SSL directives. Only SSLAttributeSet is processed later (with a higher priority).
All Suite B profiles require the servers certificate chain to use strong ECC signatures.
At the time of this writing, RFC 6460 documents the restrictions of "Suite B".

SSLTrace Directive

Description:	Enables extended tracing for SSL communication
Syntax:	`SSLTrace`
Default:	`unset`
Context:	server config, virtual host
Status:	Extension
Module:	mod_ibm_ssl

This directive enables extra tracing in the ErrorLog for various SSL related operations. SSLTrace is only useful with LogLevel set to debug.

SSLUnknownRevocationStatus Directive

Description:	Specifies how IBM HTTP Server reacts when IBM HTTP Server cannot readily determine the revocation status, which is coming through CRL or OCSP.
Syntax:	`SSLUnknownRevocationStatus ignore\|log\|log_always\|deny`
Default:	`SSLUnknownRevocationStatus ignore`
Context:	virtual host
Status:	Extension
Module:	mod_ibm_ssl

ignore: Specifies that a debug level message is issued when a handshake completes and the revocation status is not known. This message is not re-issued when the SSL session is resumed.
log: Specifies that a notice-level message is issued when a handshake completes and the revocation status is not known. This message is not re-issued when the SSL session is resumed.
log_always: Specifies that a notice-level message is issued when a handshake completes and the revocation status is not known. IBM HTTP Server issues the same message for subsequent handshakes.
deny: Specifies that a notice-level message is issued when a handshake completes, the revocation status is not known, the session is not resumable, and the HTTPS connection is immediately closed. IBM HTTP Server reports the same message for subsequent handshakes.

Whenever a message is logged for UnknownRevocationStatus, the SSL_UNKNOWNREVOCATION_SUBJECT variable, an internal SSL environment variable, is set. You can log this variable with the following LogFormat syntax:

%{SSL_UNKNOWNREVOCATION_SUBJECT}e

You could also use the variable in mod_rewrite expressions when this directive directive has any value other than deny. Use the following variable name in your RewriteCond directive:

%{ENV:SSL_UNKNOWNREVOCATION_SUBJECT}

SSLVersion Directive

Description:	Performs access control based on negotiated TLS version
Syntax:	`SSLVersion SSLv2\|SSLv3\|TLSv1\|TLSv1.1\|TLSv1.2`
Default:	`Disabled`
Context:	directory
Status:	Extension
Module:	mod_ibm_ssl
Compatibility:	deprecated

This directive returns an HTTP Forbidden response if the specified TLS version has not been negotiated. It does not cause the connection to be renegotiated, and cannot itself directly cause a customized HTTP response be sent to the client. This directive serves little practical purpose.

TLS13Options Directive

Description:	General purpose directive to configure options for the TLSv1.3 protocol.
Syntax:	`TLS13Options option[=value] [option[=value] ...]`
Default:	`NumTickets = 6, ServerKeyRefresh=608400`
Context:	server config, virtual host
Status:	Extension
Module:	mod_ibm_ssl
Compatibility:

This directive allows the following options to be set for the TLSv1.3 protocol:

AllowLegacyCerts[=ON|OFF]: Allows legacy SHA1 certificates to be used. Default is OFF.
NumTickets=n: Sets the number of session tickets to the value n. Default is 6.
ServerKeyRefresh=n: z/OS only. Sets the frequency for rotating the key used for TLSv13 session tickets. Default is 608400 (7 days).

Apache Module mod_ibm_ssl

Summary

Directives

Topics

See also

ECDHE-RSA ciphers

ECDHE-ECDSA ciphers (requires ECDSA certificate)

z/OS configuration

Notes

Manual limitations

Reset defaults

Legacy syntax

Merging

z/OS

Merging

Compatability

Graceful Restart

OCSP Cache statistics (Linux, AIX, Windows)

Defaults

Compatibility

Specifying a list

Specifying a single label containing spaces

Specifying a list of labels containing spaces

Cryptographic hardware example