SSL Reference Manual
HASHALGORITHMS
Use this parameter to define which hash algorithms are used when verifying the SSL server by its fingerprint.
Parameter Syntax
HASHALGORITHMS hashAlgorithm [, hashAlgorithm , ...]
Arguments
hashAlgorithm
Name of the hash algorithm to use. If the parameter is explicitly set, at least one hash algorithm must
be given.
Valid hash algorithm names are:
• MD5 *
• SHA1 *
• RIPEMD160
• SHA256
• SHA384 **
• SHA512 **
• WHIRLPOOL
* You should not use this algorithm since it has been cryptographically broken.
** Hash algorithm not available on S-Series systems
Default
By default, WHIRLPOOL is used, as one of the two most secure algorithms (the other one is SHA512).
Example
HASHALGORITHMS WHIRLPOOL,SHA256
Considerations
• Cryptographic operations such as hashing cost CPU cycles. For example, when running as an FTP client
proxy, fingerprint validation with hashing is part of every initial connection establishment.
Therefore, consider choosing only one or two algorithms from the list.
• Make sure to activate the algorithms actually used in the fingerprints specified in the TRUST parameter.
• Do not use MD5 or SHA1 anymore! These algorithms are cryptographically broken.
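Added example, not taken from the manual or the product: Python that parses a HASHALGORITHMS line using the syntax above and shows that a trusted fingerprint only matches when the algorithm it was created with is enabled. It assumes a fingerprint is the hex digest of the peer certificate's bytes and that names are case-insensitive; the function names and sample data are constructed for illustration.

```python
import hashlib
import hmac

VALID = {"MD5", "SHA1", "RIPEMD160", "SHA256", "SHA384", "SHA512", "WHIRLPOOL"}
BROKEN = {"MD5", "SHA1"}  # marked "*" in the list above


def parse_hashalgorithms(line):
    """Parse 'HASHALGORITHMS a[, b, ...]' into (enabled_names, warnings)."""
    parts = line.split(None, 1)
    if not parts or parts[0].upper() != "HASHALGORITHMS":
        raise ValueError("not a HASHALGORITHMS line")
    rest = parts[1] if len(parts) > 1 else ""
    # Assumption: names are matched case-insensitively.
    names = [n.strip().upper() for n in rest.split(",") if n.strip()]
    if not names:
        raise ValueError("at least one hash algorithm has to be given")
    unknown = [n for n in names if n not in VALID]
    if unknown:
        raise ValueError("unknown hash algorithm: " + ", ".join(unknown))
    return names, [n + " is cryptographically broken" for n in names if n in BROKEN]


def fingerprint(data, name):
    """Hex digest of data, or None if the local hashlib lacks the algorithm."""
    try:
        return hashlib.new(name.lower(), data).hexdigest()
    except ValueError:  # RIPEMD160/WHIRLPOOL depend on the linked OpenSSL
        return None


def verify_peer(cert_bytes, trusted, enabled):
    """Return the enabled algorithm whose digest is trusted, else None.

    Computes up to one digest per enabled algorithm per connection, which is
    the CPU cost the first consideration describes.
    """
    wanted = [t.replace(":", "").lower() for t in trusted]
    for name in enabled:
        digest = fingerprint(cert_bytes, name)
        if digest and any(hmac.compare_digest(digest, t) for t in wanted):
            return name
    return None


# Constructed sample data: stand-in certificate bytes and a SHA512 fingerprint.
CERT = b"constructed bytes standing in for a server certificate"
TRUSTED = [hashlib.sha512(CERT).hexdigest().upper()]
```

With the constructed SHA512 fingerprint, `verify_peer(CERT, TRUSTED, ["SHA256"])` returns `None`, while adding SHA512 to the enabled list makes the same peer verify.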
See also
TRUST
KEEPALIVE
Use this parameter to specify whether TCP keep-alive messages should be activated for established connections.
Parameter Syntax
KEEPALIVE mode
Arguments
mode
HP NonStop SSL Reference Manual Configuration










