SSL Reference Manual
the designated files are DER encoded X.509 CA certificates.
Default
If omitted, HP NonStop SSL will search for a single "CACERT" file on the default subvolume.
Example
CACERTS $DATA1.SSL.MYCA, $DATA1.SSL.MYROOTCA
Considerations
• The first file on the list must contain a certificate signing the given server certificate. Subsequent files must contain certificates that sign the previous certificate in the list.
• During SSL handshake, the certificate chain will be sent along with the client or server certificate to the SSL communication partner.
• If a value of * is used for CACERTS, it will be assumed that the client or server certificate is self-signed.
• A CA certificate for testing purposes is delivered as CACERT file on the HP NonStop SSL installation subvolume to enable quick start installation. This test CA certificate signs the test server certificate contained in SERVCERT or CLIENTCERT.
See also
SERVCERT, CLIENTCERT, SSLCOM SSLINFO, SSLCOM RELOAD CERTIFICATES
CIPHERSUITES
Use this parameter to specify which cipher suites are admissible for an HP NonStop SSL process.
Parameter Syntax
CIPHERSUITES suite [, suite, ...]
Arguments
suite
specifies a cipher suite. Currently the following cipher suites can be explicitly configured:
Specifier  RFC Algo Name                       OpenSSL Name     KEX         Enc         Mac
0.1        TLS_RSA_WITH_NULL_MD5               NULL-MD5         RSA         NULL        MD5
0.2        TLS_RSA_WITH_NULL_SHA               NULL-SHA         RSA         NULL        SHA
0.3        TLS_RSA_EXPORT_WITH_RC4_40_MD5      EXP-RC4-MD5      RSA_EXPORT  RC4_40      MD5
0.4        TLS_RSA_WITH_RC4_128_MD5            RC4-MD5          RSA         RC4_128     MD5
0.5        TLS_RSA_WITH_RC4_128_SHA            RC4-SHA          RSA         RC4_128     SHA
0.6        TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5  EXP-RC2-CBC-MD5  RSA_EXPORT  RC2_CBC_40  MD5
0.7        TLS_RSA_WITH_IDEA_CBC_SHA           IDEA-CBC-SHA     RSA         IDEA_CBC    SHA
0.8        TLS_RSA_EXPORT_WITH_DES40_CBC_SHA   EXP-DES-CBC-SHA  RSA_EXPORT  DES40_CBC   SHA
0.9        TLS_RSA_WITH_DES_CBC_SHA            DES-CBC-SHA      RSA         DES_CBC     SHA
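The following audit script is an added example, not part of the manual or of HP NonStop SSL. It reads a configuration text, finds each CIPHERSUITES line and reports why a listed suite is weak, judged from the KEX, Enc and Mac columns of the cipher suite table above. It assumes suites are listed by their Specifier value; the function names and the sample configuration are constructed for illustration.

```python
import re

# Rows copied from the table on this page: specifier -> (OpenSSL name, KEX, Enc, Mac).
# Specifiers beyond 0.9 are not shown on this page and are reported as unknown.
SUITES = {
    "0.1": ("NULL-MD5", "RSA", "NULL", "MD5"),
    "0.2": ("NULL-SHA", "RSA", "NULL", "SHA"),
    "0.3": ("EXP-RC4-MD5", "RSA_EXPORT", "RC4_40", "MD5"),
    "0.4": ("RC4-MD5", "RSA", "RC4_128", "MD5"),
    "0.5": ("RC4-SHA", "RSA", "RC4_128", "SHA"),
    "0.6": ("EXP-RC2-CBC-MD5", "RSA_EXPORT", "RC2_CBC_40", "MD5"),
    "0.7": ("IDEA-CBC-SHA", "RSA", "IDEA_CBC", "SHA"),
    "0.8": ("EXP-DES-CBC-SHA", "RSA_EXPORT", "DES40_CBC", "SHA"),
    "0.9": ("DES-CBC-SHA", "RSA", "DES_CBC", "SHA"),
}

def weaknesses(kex, enc, mac):
    """Return the reasons a suite is weak, using only its table columns."""
    found = []
    if enc == "NULL":
        found.append("no encryption")
    if kex.endswith("_EXPORT"):
        found.append("export-grade 40-bit key")
    if enc.startswith("RC4"):
        found.append("RC4 stream cipher")
    if enc == "DES_CBC":
        found.append("56-bit single DES")
    if mac == "MD5":
        found.append("MD5 MAC")
    return found

def audit(config_text):
    """Parse every CIPHERSUITES line and return {specifier: [reasons]}."""
    report = {}
    for specs in re.findall(r"^\s*CIPHERSUITES\s+(.+)$", config_text, re.MULTILINE):
        for spec in (s.strip() for s in specs.split(",")):
            if spec in SUITES:
                report[spec] = weaknesses(*SUITES[spec][1:])
            elif spec:
                report[spec] = ["not in the table on this page"]
    return report

# Constructed sample configuration (not from the manual).
SAMPLE = "CACERTS $DATA1.SSL.MYCA, $DATA1.SSL.MYROOTCA\nCIPHERSUITES 0.4, 0.7, 0.3, 0.10\n"

if __name__ == "__main__":
    for spec, reasons in audit(SAMPLE).items():
        print(spec, SUITES.get(spec, ("?",))[0], "->", "; ".join(reasons) or "not flagged")
```

An empty reason list means only that none of these column-based rules matched; it is not an endorsement of the suite.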