Defines SSL (Secure Socket Layer) parameters.
An ssl element is required inside an http-listener or iiop-listener element that has its security-enabled attribute set to on.
The grandparent http-service element has properties that configure global SSL settings.
http-listener, iiop-listener, jmx-connector, ssl-client-config
none
The following table describes attributes for the ssl element.
Table 1–174 ssl Attributes
Attribute |
Default |
Description |
---|---|---|
s1as |
The nickname of the server certificate in the certificate database or the PKCS#11 token. In the certificate, the name format is tokenname:nickname. Including the tokenname: part of the name in this attribute is optional. |
|
false |
(optional) Determines whether SSL2 is enabled. If both SSL2 and SSL3 are enabled for a virtual-server, the server tries SSL3 encryption first. If that fails, the server tries SSL2 encryption. |
|
none |
(optional) A comma-separated list of the SSL2 ciphers used, with the prefix + to enable or - to disable, for example +rc4 . Allowed values are rc4, rc4export, rc2, rc2export, idea, des , desede3. |
|
true |
(optional) Determines whether SSL3 is enabled. The default is true . If both SSL2 and SSL3 are enabled for a virtual-server, the server tries SSL3 encryption first. If that fails, the server tries SSL2 encryption. |
|
none |
(optional) A comma-separated list of the SSL3 ciphers used, with the prefix + to enable or - to disable, for example +SSL_RSA_WITH_RC4_128_MD5 . Allowed values are SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_WITH_NULL_MD5, SSL_RSA_WITH_RC4_128_SHA, and SSL_RSA_WITH_NULL_SHA. Values available in previous releases are supported for backward compatibility. |
|
true |
(optional) Determines whether TLS is enabled. |
|
true |
(optional) Determines whether TLS rollback is enabled. TLS rollback should be enabled for Microsoft Internet Explorer 5.0 and 5.5. For more information, see theSun GlassFish Enterprise Server v2.1.1 Administration Guide. |
|
false |
(optional) Determines whether SSL3 client authentication is performed on every request, independent of ACL-based access control. |