iTP Secure WebServer System Administrator's Guide (Version 7.0)
Configuration Directives
iTP Secure WebServer System Administrator’s Guide—523346-012
A-9
Description
different WID server classes. Use pathmon:server-class to specify the name
of the PATHMON process and the name of the WID server class that controls the
WebSafe2 unit. If you omit the PATHMON process name, the server class is
presumed to be in the same PATHMON environment as the httpd process.
The -websafe argument requires the -nopct option, because the WebSafe2 unit
does not currently support the PCT protocol.
-nossl
-nosslv2
-nosslv3
-nopct
Use the -nossl, -nosslv2, -nosslv3, or -nopct option to disallow SSL or
PCT requests, respectively. By default, both SSL and PCT requests are accepted.
The -nopct option in mandatory in WebSafe2 configurations because WebSafe2
units do not support the PCT protocol.
Table A-3 describes the actions that the iTP Secure WebServer takes based on the
type of SSL client-hello response message that can be received along with the
configuration options set. For additional information about the
HTTPS_PROTOCOL_VERSION CGI environment variable setting listed in this table,
see Table 8-1, Environment Variables, on page 8-11.
Table A-3. WebServer Actions Based on SSL Version (page 1 of 2)
Client-Hello
Message
Configuration:
SSL 2.0 Only
(-nosslv3)
Configuration:
SSL 3.0 Only
(-nosslv2)
Configuration:
Both SSL 2.0
and SSL 3.0
SSL 2.0
Client-Hello
with SSL 2.0
Connection is
allowed.
Negotiated protocol
will be SSL 2.0.
HTTPS_
PROTOCOL_
VERSION
is set to 2.
Connection is
refused.
Error messages are
logged to the error
and extended log
files.
Connection is
allowed.
Negotiated protocol
will be SSL 2.0.
HTTPS_
PROTOCOL_
VERSION
is set to 2.
SSL 2.0
Client-Hello
with SSL 3.0
Connection is
allowed.
Negotiated protocol
will be SSL 2.0.
HTTPS_
PROTOCOL_
VERSION
is set to 2.
Connection is
allowed.
Negotiated protocol
will be SSL 3.0.
HTTPS_
PROTOCOL_
VERSION
is set to 3.
Connection is
allowed.
Negotiated protocol
will be SSL 3.0.
HTTPS_
PROTOCOL_
VERSION
is set to 3.