iTP Secure WebServer System Administrator's Guide (iTPWebSvr 5.1+)

Configuring for Secure Transport
iTP Secure WebServer System Administrator’s Guide 522659-001
Using Ciphers With the AcceptSecureTransport Directive
Hashing Ciphers Used by iTP Secure WebServer Ciphers
The ciphers for secure transport ports within the iTP Secure WebServer can use two
different hashing algorithms. The first, called MD5, has been in wide use for many years
in various Internet applications. The other, called Secure Hash Algorithm (SHA1), was
developed by the U.S. government. For most applications, either cipher provides
sufficient security.
Negotiating Selection Among Available Ciphers
Use the -ciphers option to specify a Tcl list of ciphers that describe the bulk encryption
and hash algorithms the iTP Secure WebServer will use. If you specify no
-ciphers option, all the ciphers are set by default.
The cipher negotiated for the connection will be the first cipher on the web client’s list
supported by the server. For example, if the web client list (in order) is 1 2 3 4 and the
server list is 4 3 2, cipher 2 will be chosen because it is the first cipher present in the
web client's list that is also present on the server list.
This concept is illustrated in Figure 4-1.
For a list of the cipher-hashing algorithms iTP Secure WebServer supports, refer to
AcceptSecureTransport on page A-5.
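The negotiation rule described above, as an added Python example (not code from this guide or from iTP Secure WebServer). It goes slightly beyond the 1 2 3 4 / 4 3 2 case to show that the order of the server list never changes the outcome, so a cipher can only be excluded by leaving it out of the -ciphers list. The sample lists built from cipher names on this page, the function names, and the choice of EXP-RC4-MD5 as an unwanted cipher are assumptions.

```python
from itertools import permutations


def negotiate(client_list, server_list):
    """Return the first cipher in the client's order that the server also lists."""
    allowed = set(server_list)
    for cipher in client_list:
        if cipher in allowed:
            return cipher
    return None  # no cipher in common: nothing can be negotiated


def server_order_is_irrelevant(client_list, server_list):
    """Check that every ordering of the server list yields the same cipher."""
    results = {negotiate(client_list, list(p)) for p in permutations(server_list)}
    return len(results) == 1


def selectable_by_client(server_list, unwanted):
    """Ciphers from `unwanted` that a client obtains simply by listing them first."""
    return [c for c in server_list
            if c in unwanted and negotiate([c], server_list) == c]


# The example from the text: client list 1 2 3 4, server list 4 3 2.
PAGE_CLIENT = ["1", "2", "3", "4"]
PAGE_SERVER = ["4", "3", "2"]

# Constructed sample lists (assumption), using cipher names that appear on this page.
SAMPLE_SERVER = ["RC2-CBC-SHA1", "RC4-MD5", "EXP-RC4-MD5"]
SAMPLE_CLIENT = ["EXP-RC4-MD5", "RC2-CBC-SHA1"]
UNWANTED = {"EXP-RC4-MD5"}  # policy assumption made for this example only

if __name__ == "__main__":
    print("page example:", negotiate(PAGE_CLIENT, PAGE_SERVER))
    print("server order irrelevant:",
          server_order_is_irrelevant(PAGE_CLIENT, PAGE_SERVER))
    # Listing the unwanted cipher last on the server does not stop a client
    # that prefers it; only removing it from the server list does.
    print("negotiated:", negotiate(SAMPLE_CLIENT, SAMPLE_SERVER))
    print("still selectable:", selectable_by_client(SAMPLE_SERVER, UNWANTED))
    trimmed = [c for c in SAMPLE_SERVER if c not in UNWANTED]
    print("after removal:", negotiate(SAMPLE_CLIENT, trimmed))
```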
Figure 4-1. Cipher Negotiation Between Web Client and Server Lists
[Figure: the Web Client List is compared to the Server List; the cipher used is RC2-CBC-SHA1.]