iTP Secure WebServer System Administrator's Guide (iTPWebSvr 6.0+)
Configuration Directives
iTP Secure WebServer System Administrator’s Guide—523346-002
A-8
Description
WebSafe2 unit. If you omit the PATHMON process name, the server class is
presumed to be in the same PATHMON environment as the httpd process.
The -websafe argument requires the -nopct option, because the WebSafe2 unit
does not currently support the PCT protocol.
-nossl
-nosslv2
-nosslv3
-nopct
Use the -nossl, -nosslv2, -nosslv3, or -nopct option to disallow SSL or
PCT requests, respectively. By default, both SSL and PCT requests are accepted.
The -nopct option in mandatory in WebSafe2 configurations because WebSafe2
units do not support the PCT protocol.
Table A-3 describes the actions that the iTP Secure WebServer takes based on the
type of SSL client-hello response message that can be received along with the
configuration options set. For additional information about the
HTTPS_PROTOCOL_VERSION CGI environment variable setting listed in this table,
see Table 8-1, Environment Variables, on page 8-11.
Table A-3. WebServer Actions Based on SSL Version (page 1 of 2)
Client-Hello
Message
Configuration:
SSL 2.0 Only
(-nosslv3)
Configuration:
SSL 3.0 Only
(-nosslv2)
Configuration:
Both SSL 2.0
and SSL 3.0
SSL 2.0
Client-Hello
with SSL 2.0
Connection is
allowed.
Negotiated protocol
will be SSL 2.0.
HTTPS_
PROTOCOL_
VERSION
is set to 2.
Connection is
refused.
Error messages are
logged to the error
and extended log
files.
Connection is
allowed.
Negotiated protocol
will be SSL 2.0.
HTTPS_
PROTOCOL_
VERSION
is set to 2.
SSL 2.0
Client-Hello
with SSL 3.0
Connection is
allowed.
Negotiated protocol
will be SSL 2.0.
HTTPS_
PROTOCOL_
VERSION
is set to 2.
Connection is
allowed.
Negotiated protocol
will be SSL 3.0.
HTTPS_
PROTOCOL_
VERSION
is set to 3.
Connection is
allowed.
Negotiated protocol
will be SSL 3.0.
HTTPS_
PROTOCOL_
VERSION
is set to 3.