Defines SSL (Secure Socket Layer) parameters.
An ssl element is required inside an http-listener or iiop-listener element that has its security-enabled attribute set to on.
The grandparent http-service element has properties that configure global SSL settings, and the http-protocol subelement of the grandparent http-service element has the ssl-enabled attribute, which globally enables SSL.
http-listener, iiop-listener, jmx-connector, ssl-client-config
none
The following table describes attributes for the ssl element.
Table 1–145 ssl Attributes| Attribute | Default | Description | 
|---|---|---|
| none | The nickname of the server certificate in the certificate database or the PKCS#11 token. In the certificate, the name format is tokenname:nickname. Including the tokenname: part of the name in this attribute is optional. | |
| false | (optional) Determines whether SSL2 is enabled. If both SSL2 and SSL3 are enabled for a virtual-server, the server tries SSL3 encryption first. If that fails, the server tries SSL2 encryption. | |
| none | (optional) A comma-separated list of the SSL2 ciphers used, with the prefix + to enable or - to disable, for example +rc4 . Allowed values are rc4, rc4export, rc2, rc2export, idea, des , desede3. | |
| true | (optional) Determines whether SSL3 is enabled. The default is true . If both SSL2 and SSL3 are enabled for a virtual-server, the server tries SSL3 encryption first. If that fails, the server tries SSL2 encryption. | |
| none | (optional) A comma-separated list of the SSL3 ciphers used, with the prefix + to enable or - to disable, for example +rsa_des_sha . Allowed SSL3 values are rsa_rc4_128_md5, rsa_3des_sha , rsa_des_sha, rsa_rc4_40_md5, rsa_rc2_40_md5, rsa_null_md5. Allowed TLS values are rsa_des_56_sha, rsa_rc4_56_sha. | |
| true | (optional) Determines whether TLS is enabled. | |
| true | (optional) Determines whether TLS rollback is enabled. TLS rollback should be enabled for Microsoft Internet Explorer 5.0 and 5.5. For more information, see the Sun Java System Application Server Enterprise Edition 8.1 2005Q2 Administration Guide. | |
| false | (optional) Determines whether SSL3 client authentication is performed on every request, independent of ACL-based access control. |