Security

This section lists the directives in magnus.conf that affect server access and security issues for Sun Java System Web Server. They are:

• Security

• ServerString

• SSLCacheEntries

• SSLClientAuthDataLimit

• SSLClientAuthTimeout

• SSLSessionTimeout

• SSL3SessionTimeout

Security

The Security directive globally enables or disables SSL by making certificates available to the server instance. It must be on for virtual servers to use SSL. If enabled, the user is prompted for the administrator password (in order to access certificates, and so on).

When you create a secure listen socket through the Server Manager, security is automatically turned on globally in magnus.conf. When you create a secure listen socket manually in server.xml, security must be turned on by editing magnus.conf.

Syntax

Security [on|off]

Default

off

Example

Security off

ServerString

Allows the administrator to change the string sent with the Server HTTP header.

Syntax

ServerString string

string is the new string to send as the header. All characters, including quotes, will be sent. The string none, will cause the header to not be sent at all.

Example

ServerString My Own Server/1.0
ServerString none

SSLCacheEntries

Specifies the number of SSL sessions that can be cached. There is no upper limit.

Syntax

SSLCacheEntries number

If the number is 0, the default value, which is 10000, is used.

SSLClientAuthDataLimit

Specifies the maximum amount of application data, in bytes, that is buffered during the client certificate handshake phase.

Default

The default value is 1048576 (1 MB).

SSLClientAuthTimeout

Specifies the number of seconds after which the client certificate handshake phase times out.

Default

60

SSLSessionTimeout

The SSLSessionTimeout directive controls SSL2 session caching.

Syntax

SSLSessionTimeout seconds

The seconds value is the number of seconds until a cached SSL2 session becomes invalid. If the SSLSessionTimeout directive is specified, the value of seconds is silently constrained to be between 5 and 100 seconds.

Default

The default value is 100.

SSL3SessionTimeout

The SSL3SessionTimeout directive controls SSL3 session caching.

Syntax

SSL3SessionTimeout seconds

The seconds value is the number of seconds until a cached SSL3 session becomes invalid. The default value is 86400 (24 hours). If the SSL3SessionTimeout directive is specified, the value of seconds is silently constrained to be between 5 and 86400 seconds.