iTP Secure WebServer System Administrator's Guide (iTPWebSvr 5.1+)
Configuration Directives
iTP Secure WebServer System Administrator’s Guide—522659-001
A-6
AcceptSecureTransport
If server-addr is not an IP address associated with the TCP/IP process name in
the TCP/IP configuration, an error is reported during httpd process startup. The error
message reports that the server cannot bind to the combination of TCP/IP process
name, IP address, and port (as specified in the -port argument).
If
server-addr is specified in DNS format, an attempt is made to bind to each IP
address to which the DNS name maps. Bindings that fail because the address is not
available are ignored. All successful binds are kept. If no binds are successful, an
error is reported and the httpd process does not start.
For the DNS format to be used, the address-resolved file
$SYSTEM.ZTCPIP.RESCONF must be set up and contain the correct IP addresses
for the name servers.
-ciphers list-of-ciphers
Use the -ciphers argument to specify a Tcl list of ciphers that describe the bulk
encryption and hash algorithms the iTP Secure WebServer will use. The ciphers
available for encryption include:
RC4
RC2
DES
Triple DES
Except for RC4, each of these ciphers is operated in cipher block chaining (CBC)
mode, which alters the block of data before encrypting. For RC2, you can specify
the key size.
Cipher-hashing algorithm pairs supported in iTP Secure WebServer are shown in
Table A-2
.
Table A-2. Cipher Pairs Supported (by Protocol) (page 1 of 2)
Cipher
Allowed
Global SSL 2.0 SSL 3.0 PCT
RC4-MD5 No Yes Yes Yes
RC4-SHA1 No No Yes Yes
DES-CBC3-SHA1 No No Yes Yes
DES-CBC3-MD5 No Yes* No Yes
DES-CBC-SHA1 No No Yes Yes
DES-CBC-MD5 No Yes No Yes
RC2-CBC-MD5 No Yes No Yes
RC2-CBC-SHA1 No No No Yes
EXP-RC4-MD5 Yes Yes Yes Yes
EXP-RC4-SHA1YesNoNoYes