Supported cipher specifications

The encryption algorithms and hashes used for SSL versions 2 and 3 are listed in the following tables.

Key Pair Generation: RSA 512-1024 private key sizes

SSL Version 2

US version Export version
RC4 US RC4 Export
RC2 US RC2 Export
DES 56-bit not applicable
Triple DES US not applicable
RC4 Export not applicable
RC2 Export not applicable

SSL Version 3

US version Export version
Triple DES SHA US DES SHA Export
DES SHA Export RC2 MD5 Export
RC2 MD5 Export RC4 MD5 Export
RC4 SHA US NULL SHA
RC4 MD5 US NULL MD5
RC4 MD5 Export NULL NULL
RC4 SHA 56-bit not applicable
DES CBC SHA not applicable
NULL SHA not applicable
NULL MD5 not applicable
NULL NULL not applicable

These SSL specifications can also be configured by directly editing the proxy configuration file. For details, see the reference sections in Appendix B. Configuration file directives for the following directives:

128-bit encryption for Caching Proxy

Only a 128-bit encryption version of Caching Proxy is being delivered. The 56-bit version is no longer available. If you are updating a previous version, you can install Caching Proxy directly to your currently installed 128-bit or 56-bit version. If you were previously using a 56-bit (export) browser, you must upgrade to a 128-bit browser in order to take advantage of the 128-bit encryption in the proxy.

After an upgrade from a 56-bit version of Caching Proxy to the 128-bit version, if the key size used to encrypt certificates is set to 1024, then no configuration change is necessary. However, if the key size is set to 512, in order to take advantage of the proxy's 128-bit encryption, you must create new certificates with a key size of 1024. Create new keys by using the IBM Key Manager utility (iKeyman).

  1. Start the key manager.
  2. From the main menu, click Key Database File -> Open.
  3. In the Open dialog box, type your key database name (or click key.kdb if you are using the default) and click OK.
  4. If the Password Prompt dialog box opens, type your password and click OK.
  5. From the main menu, click Create -> New Certificate Request.
  6. In the New Key and Certificate Request window, specify the following:
  7. Click OK.

See Key and certificate management for a detailed discussion of the IBM Key Manager utility.

Note that this version of the product does not support encryption on SUSE Linux.