iTP Secure WebServer System Administrators Guide (Version 7.5+)

ManualsBrandsHP ManualsServerHP Integrity NonStop H-Series

201

202

203

204

205

206

207

208

209

210

-nossl

-notls

-notls1.0

-notls1.1

-notls1.2

Use the -notls, -notls1.0, or -notls1.1, or-notls1.2 option to disallow TLS requests or

use the -nossl option to disallow SSL requests. By default, both TLS and SSL requests are accepted.

-requestauth

-requireauth

Use the -requestauth option to challenge the Web client for authentication. This option only

requests the Web client to authenticate; it does not require that the Web client do so. The

RequireSecureTransport -auth command in a Region directive prevents access without authentication.

Use the -requireauth option to challenge the Web client for authentication credentials. The

connection is aborted if the Web client does not authenticate.

You can specify either or neither of the -requestauth or -requireauth options. The default

is neither.

—dh_paramsFilepath filePath

Use the dh_paramsFilepath argument to specify the filePath that contains Diffie-Hellman

parameters.

—keyExchange key-exchange-method

Use the keyExchange argument to specify the supported key-exchange-method. The

key-exchange-method can be RSA,DH (Diffie-Hellman) or ALL. The default value for this

argument is ALL.

iTP Secure WebServer uses these parameters for Diffie-Hellman key-exchange.

You can specify any number of AcceptSecureTransport directives in the iTP Secure WebServer

configuration file. Omit this directive if you do not require secure transport; in that case, use the

Accept directive instead.

-hashAlgorithm list-of-hashalgorithm

Use the -hashAlgorithm argument to specify the Tcl list of cryptography hashing algorithms

supported with iTP Secure Webserver. The list-of-hashalgorithm can be MD5, SHA1, and

SHA256. If this argument is not specified, the iTP Secure WebServer is configured with all supported

hashing algorithms.

NOTE: When options -dh_paramsFilepath is not used and Diffie-Hellman key-exchange is

enabled the iTP Secure WebServer uses default hard coded Diffie-Hellman parameters.

SCF TCP/IP Configuration

To associate multiple IP addresses with a single TCP/IP process, use the SCF ALTER SUBNET

command with the ADDALIAS parameter, as shown in the example:

SCF> ALTER SUBNET $ZTC0.#SN1, ADDALIAS 120.1.1.12, &

SCF> SUBNETMASK %hFFFF0000

This command adds the IP address 120.1.1.12 to the subnet $ZTC0.#SN1. The SUBNETMASK

parameter is required. Each IP address must be added by using a separate ALTERSUBNET

command.

You can use the DELETEALIAS parameter to delete IP addresses that have been added to a subnet

using the ADDALIAS parameter as shown:

SCF> ALTER SUBNET $ZTC0.#SN1, DELETEALIAS 120.1.1.12

Each IP address must be deleted by using a separate ALTER SUBNET command.

Default

If no AcceptSecureTransport directives are specified, the iTP Secure WebServer will not

accept TLS or SSL connections.

AcceptSecureTransport 203