iTP Secure WebServer System Administrator's Guide (Version 7.0)

ManualsBrandsHP ManualsServerHP NonStop G-Series

311

312

313

314

315

316

317

318

319

320

Configuration Directives

iTP Secure WebServer System Administrator’s Guide—523346-012

A-12

Examples of Secure Transport Protocol Support

(Port 4430)

To accept SSL and PCT connections on the IP addresses bound to the DNS name

www.directory.net with the $ZTC0 process (HTTP connections on ports 80 and

8080 and SSL/PCT connections on ports 443 and 4430):

Accept -transport /G/ZTC0 -address www.directory.net

AcceptSecureTransport -cert {CN=Juliet,O=Capulet's House of

Keys} -transport /G/ZTC0 -address www.directory.net

Accept -transport /G/ZTC0 -address www.directory.net -port 8080

AcceptSecureTransport -cert {CN=Juliet,O=Capulet's House of

Keys} -transport /G/ZTC0 -address www.directory.net -port 4430

Examples of Secure Transport Protocol Support (Port 4430)

To accept SSL 2.0, SSL 3.0, and PCT connections:

AcceptSecureTransport -transport /G/ZTC0 -cert {CN=...}

To accept SSL 2.0 and PCT connections:

AcceptSecureTransport -transport /G/ZTC0 -cert {CN=...} -nosslv3

To accept SSL 3.0 and PCT connections:

AcceptSecureTransport -transport /G/ZTC0 -cert {CN=...} -nosslv2

To accept SSL 2.0 and SSL 3.0 connections:

AcceptSecureTransport -transport /G/ZTC0 -cert {CN=...} -nopct

To accept only PCT connections:

AcceptSecureTransport -transport /G/ZTC0 -cert {CN=...}\

-nosslv2 -nosslv3

AcceptSecureTransport -transport /G/ZTC0 -cert {CN=...} -nossl

Examples of Cipher Support

To allow only Triple DES (the most secure):

AcceptSecureTransport -transport /G/ZTC0 -cert {DN=...}\

-port 4433 -ciphers {DES-CBC3-MD5 DES-CBC3-SHA1}

# Allows all SSLv2 ciphers.

set SSLv2_CipherList {

RC4-MD5

RC2-CBC-MD5

DES-CBC3-MD5

DES-CBC-MD5

EXP-RC4-MD5