When you enable SSL directives in the IBM HTTP Server httpd.conf configuration
file, consider the following: limiting encryption to 128 bits or higher,
rewriting HTTP (port 80) requests to HTTPS (port 443), logging SSL request
information in the access log, and enabling certificate revocation lists (CRL).
- Limiting IBM HTTP Server to encrypt at only 128 bits or higher. There
are several methods of configuring IBM HTTP Server to restrict SSL so that
only 128-bit browsers and 128-bit or 168-bit ciphers can access Web content.
For complete information, refer to Limiting IBM HTTP Server to encrypt at only 128 bits or higher.
- How to rewrite HTTP (port 80) requests to HTTPS (port 443). The mod_rewrite.c rewrite
module provided with IBM HTTP Server is an effective way to automatically
rewrite all HTTP requests to HTTPS. For complete information, refer to How to rewrite HTTP (port 80) requests to HTTPS (port 443).
- Logging SSL request information in the access log for IBM HTTP Server. The
IBM HTTP Server implementation provides Secure Sockets Layer (SSL) environment
variables that can be written to the access log with the LogFormat directive in the
httpd.conf configuration file. For complete information, refer to Logging SSL request
information in the access log for IBM HTTP Server.
- Enabling certificate revocation lists (CRL) in IBM HTTP Server. Certificate
revocation provides the ability to revoke a client certificate given to the
IBM HTTP Server by the browser when the key is compromised or when access
permission to the key is revoked. A CRL is a database that contains
a list of certificates revoked before their scheduled expiration date. For
complete information, refer to SSL certificate revocation list.
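
The port 80 to port 443 rewrite and the SSL access-log fields described above, sketched as an httpd.conf fragment. This is an added example, not configuration taken from the IBM topics this page refers to; the host name, log file name and the `ssl_common` format nickname are placeholders, and the `HTTPS`, `HTTPS_CIPHER` and `HTTPS_KEYSIZE` variable names should be checked against the logging topic for your release.

```apache
# Added example: placeholder host and file names, not values from this page.
LoadModule rewrite_module modules/mod_rewrite.so

# Plain HTTP listener: its only job is to send clients to the HTTPS site.
<VirtualHost *:80>
    ServerName www.example.com
    RewriteEngine On
    # Act only on requests that arrived on the plain HTTP port.
    RewriteCond %{SERVER_PORT} =80
    # Preserve the requested path; the query string is carried over automatically.
    # R=301 marks the redirect permanent (a bare R sends a temporary 302).
    RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
</VirtualHost>

# Access-log format that records whether SSL was used, plus the negotiated
# cipher and key size, so weak or non-SSL requests stand out in the log.
LogFormat "%h %l %u %t \"%r\" %>s %b \"SSL=%{HTTPS}e\" \"%{HTTPS_CIPHER}e\" \"%{HTTPS_KEYSIZE}e\"" ssl_common
CustomLog logs/ssl_access.log ssl_common
```

Place the CustomLog line inside the SSL-enabled virtual host so that the SSL fields are populated for the requests it records.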