Oracle iPlanet Web Proxy Server 4.0.14 Configuration File Reference

ssl-check

Applicable in PathCheck-class directives.

If a restriction is selected that is not consistent with the current cipher settings under Security Preferences, this function displays a warning that ciphers with larger secret key sizes need to be enabled. This function is designed to be used together with a Client tag to limit access of certain directories to nonexportable browsers.

The function returns REQ_NOACTION if SSL is not enabled, or if the secret-keysize parameter is not specified. If the secret key size for the current session is less than the specified secret-keysize and the bong-file parameter is not specified, the function returns REQ_ABORTED with a status of PROTOCOL_FORBIDDEN. If the bong-file is specified, the function returns REQ_PROCEED, and the path variable is set to the bong file name. Also, when a key size restriction is not met, the SSL session cache entry for the current session is invalidated so that a full SSL handshake will occur the next time the same client connects to the server.

Requests that use ssl-check are not cacheable in the accelerator file cache if ssl-check returns a value other than REQ_NOACTION.

Parameters

The following table describes parameters for the ssl-check function.

Table 5–69 ssl-check parameters

Parameter  

Description  

secret-keysize

(Optional) Minimum number of bits required in the secret key 

bong-file

(Optional) Name of a file (not a URI) to be served if the restriction is not met 

bucket

(Optional) Common to all obj.conf functions