iTP Secure WebServer System Administrator's Guide (iTPWebSvr 5.1+)
Configuring for Secure Transport
iTP Secure WebServer System Administrator’s Guide—522659-001
Following is another example, using the web client’s DN:
set goodusers {CN=User 1, OU=Persona Certificate,\
    O="RSA Data Security, Inc.", C=US}
lappend goodusers {CN=User 2, OU=Persona Certificate,\
    O="RSA Data Security, Inc.", C=US}
RegionSet goodusers $goodusers
Region /* {
    RequireSecureTransport -auth $goodusers
}
This command allows access only to clients that have presented a certificate whose DN
is one of the DNs specified in goodusers.
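An added example, not code from this guide or from the WebServer: a script that has to make the same DN comparison itself (for instance when reviewing which presented DNs would pass the goodusers list) must parse the DN rather than split it on commas, because the O value above contains a quoted comma. The function names and the matching rules (attribute types compared case-insensitively, values exactly apart from whitespace, attribute order significant) are assumptions, not the server's own matching logic.

```python
# Added example: parse DN strings of the form used in goodusers and test a
# presented DN against that allowlist. Names and matching rules are assumptions.

def parse_dn(dn):
    """Split a DN into (TYPE, value) pairs, honouring quoted values and backslash escapes."""
    parts, buf, quoted, i = [], [], False, 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):   # escaped character: keep it literally
            buf.append(dn[i + 1])
            i += 2
            continue
        if ch == '"':                        # quotes delimit a value, they are not part of it
            quoted = not quoted
        elif ch == "," and not quoted:       # only an unquoted comma ends an attribute
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    if quoted:
        raise ValueError("unterminated quote in DN")
    parts.append("".join(buf))
    rdns = []
    for part in parts:
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip():
            raise ValueError("malformed attribute: %r" % part)
        # Type is upper-cased; value keeps its case, whitespace runs are collapsed.
        rdns.append((attr.strip().upper(), " ".join(value.split())))
    return tuple(rdns)

def is_allowed(presented_dn, allowlist):
    """True only if the presented DN equals an allowlisted DN, attribute by attribute."""
    try:
        presented = parse_dn(presented_dn)
    except ValueError:
        return False                         # fail closed on anything unparseable
    return presented in {parse_dn(dn) for dn in allowlist}

# The two DNs from the configuration above.
GOODUSERS = [
    'CN=User 1, OU=Persona Certificate, O="RSA Data Security, Inc.", C=US',
    'CN=User 2, OU=Persona Certificate, O="RSA Data Security, Inc.", C=US',
]
```

A plain split on commas yields five pieces for each of these DNs instead of four attributes, which is why the quoted O value needs real parsing before any comparison.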
Using SSL and PCT Environment Variables in CGI Programs
You can use SSL and PCT environment variables to access information about individual
requests from within CGI programs.
SSL environment variables are accessible from CGI programs. The method for
accessing these variables depends on the programming language being used. See
Section 8, Using Common Gateway Interface (CGI) Programs, for a list of the SSL and
PCT environment variables and for information about how to use them
programmatically.
Controlling Encryption and Integrity Checking
The iTP Secure WebServer allows the web client and server to negotiate which
encryption algorithm will be used. The encryption algorithm is called a cipher. The
choice of cipher controls both the encryption and integrity checking required between
client and server.
Encryption protects the privacy of a message in transit, while integrity checking
provides proof that a message has not been altered during transit.
Using Ciphers With the AcceptSecureTransport Directive
The iTP Secure WebServer allows you to specify the ciphers that you want the
WebServer to support. Specifying a particular cipher mode ensures the maximum
security for each connection.
Encryption and integrity checking are controlled through the AcceptSecureTransport
directive’s -ciphers argument. Refer to AcceptSecureTransport on page A-5 for details
about the syntax and use of the -ciphers argument.
In general, your selection of ciphers depends on your use of the iTP Secure
WebServer. For example, for financial transactions and private personal data, the
Triple DES cipher increases the amount of security. For basic-level privacy, RC4 generally
provides enough security while optimizing for speed.