The Stronger Ciphers option presents a choice of 168, 128, or 56-bit secret key size for access. You can specify a file to be served when the restriction is not met. If no file is specified, the Sun Java System Web Server displays a “Forbidden” status.
If you select a key size for access that is not consistent with the current cipher settings under Security Preferences, Sun Java System Web Server displays a popup dialog warning that you need to enable ciphers with larger secret key sizes.
PathCheck fn="ssl-check" [secret-keysize=<nbits>] [bong-file=<filename>]
where <nbits> is the minimum number of bits required in the secret key, and <filename> is the name of a file (not a URI) to be served if the restriction is not met.
PathCheck returns REQ_NOACTION if SSL is not enabled, or if the secret-keysize parameter is not specified. If the secret key size for the current session is less than the specified secret-keysize, the function returns REQ_ABORTED with a status of PROTOCOL_FORBIDDEN if bong-file is not specified, or else REQ_PROCEED, and the “path” variable is set to the bong-file <filename>. Also, when a key size restriction is not met, the SSL session cache entry for the current session is invalidated, so that a full SSL handshake will occur the next time the same client connects to the server.
The Stronger Ciphers form removes any Service fn=key-toosmall directives that it finds in an object when it adds a PathCheck fn=ssl-check.
To Set Stronger Ciphers, perform the following steps:
Access the Server Manager and select the server instance from the drop-down list.
Click the Virtual Server Class tab.
Select a class from the drop-down list and click Manage.
The Class Manager page appears.
Choose the Content Mgmt tab.
Select Stronger Ciphers.
Choose to edit:
Select the secret key size restriction:
Enter the file location of the message to reject access.
Select hard start /restart or dynamically apply
For more information, see Introduction to SSL.