iTP Secure WebServer System Administrator's Guide (Version 7.0)

Configuring for Secure Transport
iTP Secure WebServer System Administrator’s Guide 523346-012
RegionSet goodusers $goodusers
Region /* {
RequireSecureTransport -auth $goodusers
}
This command allows access only to clients that have presented a certificate whose
DN is one of the DNs specified in goodusers.
Using SSL and PCT Environment Variables in CGI Programs
You can use SSL and PCT environment variables to access information about
individual requests from within CGI programs. The method for accessing these
variables depends on the programming language being used. For a list of the SSL
and PCT environment variables and for information about how to use them
programmatically, see Section 8, Using Common Gateway Interface (CGI) Programs.
Controlling Encryption and Integrity Checking
The iTP Secure WebServer allows the Web client and server to negotiate which
encryption algorithm will be used. The encryption algorithm is called a cipher. The
choice of cipher controls both the encryption and integrity checking required between
client and server.
Encryption protects the privacy of a message in transit, while integrity checking
provides proof that a message has not been altered during transit.
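The following Python sketch is an added example, not code from this guide or from the iTP Secure WebServer. It shows the difference between the two properties: a message that is only encrypted still decrypts after being altered in transit, while a message that also carries a keyed hash is rejected. The toy keystream, the HMAC construction, the keys, and the sample message are assumptions made for illustration and are not the SSL or PCT record format.

```python
import hashlib
import hmac

def keystream(key: bytes, n: int) -> bytes:
    # Toy keystream (SHA-256 in counter mode), constructed for this example only.
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:n]

def xor_crypt(key: bytes, data: bytes) -> bytes:
    # XOR with the keystream; the same call encrypts and decrypts.
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))

def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes, digest: str = "sha1") -> bytes:
    # Encrypt, then append a keyed hash (HMAC) computed over the ciphertext.
    ct = xor_crypt(enc_key, plaintext)
    return ct + hmac.new(mac_key, ct, digest).digest()

def open_sealed(enc_key: bytes, mac_key: bytes, record: bytes, digest: str = "sha1"):
    # Check the keyed hash first; return None if the record was altered.
    tag_len = hashlib.new(digest).digest_size
    if len(record) <= tag_len:
        return None
    ct, tag = record[:-tag_len], record[-tag_len:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, ct, digest).digest()):
        return None
    return xor_crypt(enc_key, ct)

def alter(data: bytes, index: int) -> bytes:
    # Model a change in transit: flip the low bit of one byte.
    return data[:index] + bytes([data[index] ^ 0x01]) + data[index + 1:]

def demo():
    enc_key, mac_key = b"constructed-enc-key", b"constructed-mac-key"
    msg = b"amount=100"  # constructed sample message
    # Encryption only: the altered ciphertext still decrypts, to a different message.
    encryption_only = xor_crypt(enc_key, alter(xor_crypt(enc_key, msg), 9))
    # Encryption plus integrity check: the same alteration is rejected.
    with_integrity = open_sealed(enc_key, mac_key, alter(seal(enc_key, mac_key, msg), 9))
    intact = open_sealed(enc_key, mac_key, seal(enc_key, mac_key, msg))
    return encryption_only, with_integrity, intact

if __name__ == "__main__":
    print(demo())
```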
Using Ciphers With the AcceptSecureTransport Directive
The iTP Secure WebServer allows you to specify the ciphers that you want the
WebServer to support. Specifying a particular cipher mode ensures the maximum
security for each connection.
Encryption and integrity checking are controlled through the AcceptSecureTransport
directive’s -ciphers argument. For details about the syntax and use of the -ciphers
argument, see AcceptSecureTransport on page A-6.
In general, your selection of ciphers depends on how you use the iTP Secure
WebServer. For example, for financial transactions and private personal data, the
Triple DES cipher increases the level of security. For basic-level privacy, RC4
generally provides enough security while optimizing for speed.
Hashing Ciphers Used by iTP Secure WebServer Ciphers
The ciphers for secure transport ports within the iTP Secure WebServer can use two
different hashing algorithms. The first, called MD5, has been in wide use for many
years in various Internet applications. The other, called Secure Hash Algorithm