Set and view cipher specification

For each virtual host, set the cipher specification (spec) to use during secure transactions. The cipher specs that are specified are validated against the level of the GSK toolkit installed on your system. If the cipher specs are not valid, an error is logged to the error log. If the ciphers specified are not supported by the client issuing the request, the request fails and the connection is closed to the client.

Specify cipher specs

  1. In the configuration file, on the SSLCipherSpec directive, specify a value for each virtual host stanza, as in the following examples:
    SSLCipherSpec shortname
    

    Or

    SSLCipherSpec longname
    

    Where shortname or longname are replaced by the name of an SSL Version 2 or SSL Version 3 Cipher Specification.

  2. Save the configuration file and restart the server.

Viewing the configured cipher spec

To see what cipher specs the server will use for secure transactions, look at the informational messages that are logged in the error log.

  1. In the configuration file, on the LogLevel directive, specify that informational messages be included in the error log:
    LogLevel info
    
  2. Look in the error log for messages in this format:
    TimeStamp info_message mod_ibm_ssl: Using Version 2|3 Cipher: longname|shortname.
    

The order that the cipher specs appear in the error log from top to bottom is the order in which the cipher specifications are attempted.

Related information