ssl
Defines SSL (Secure Socket Layer) parameters.
An ssl element is required inside an http-listener or iiop-listener element that has its security-enabled attribute set to on.
In Platform Edition, SSL is globally disabled.
Superelements
http-listener, iiop-listener, ssl-client-config
Subelements
none
Attributes
The following table describes attributes for the ssl element.
Table 1–138 ssl Attributes|
Attribute |
Default |
Description |
|---|---|---|
|
none |
The nickname of the server certificate in the certificate database or the PKCS#11 token. In the certificate, the name format is tokenname:nickname. Including the tokenname: part of the name in this attribute is optional. |
|
|
false |
(optional) Determines whether SSL2 is enabled. If both SSL2 and SSL3 are enabled for a virtual-server, the server tries SSL3 encryption first. If that fails, the server tries SSL2 encryption. |
|
|
none |
(optional) A comma-separated list of the SSL2 ciphers used, with the prefix + to enable or - to disable, for example +rc4 . Allowed values are rc4, rc4export, rc2, rc2export, idea, des , desede3. |
|
|
true |
(optional) Determines whether SSL3 is enabled. The default is true . If both SSL2 and SSL3 are enabled for a virtual-server, the server tries SSL3 encryption first. If that fails, the server tries SSL2 encryption. |
|
|
none |
(optional) A comma-separated list of the SSL3 ciphers used, with the prefix + to enable or - to disable, for example +SSL_RSA_WITH_RC4_128_MD5 . Allowed values are SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_WITH_NULL_MD5, SSL_RSA_WITH_RC4_128_SHA, and SSL_RSA_WITH_NULL_SHA. Values available in previous releases are supported for backward compatibility. |
|
|
true |
(optional) Determines whether TLS is enabled. |
|
|
false |
(optional) Determines whether SSL3 client authentication is performed on every request, independent of ACL-based access control. |
- © 2010, Oracle Corporation and/or its affiliates