Quality of protection (QoP) settings

Use this page to specify security level, ciphers, and mutual authentication settings for the Secure Sockets Layer (SSL) configuration.

To view this administrative console page, click Security > SSL certificate and key management > SSL configurations > ssl_configuration > Quality of protection (QoP) settings.

Client authentication

Specifies whether SSL client authentication is requested if the SSL connection is used for the server side of the connection.

If None is selected, the server does not request that a client certificate be sent during the handshake. If Supported is selected, the server requests that a client certificate be sent. If the client does not have a certificate, the handshake might still succeed. If Required is selected, the server requests that a client certificate be sent. If the client does not have a certificate, the handshake fails.

Keep in mind that client commands, such as stopServer or wsadmin, obtain their SSL configuration from the ssl.client.props file. If clientAuthentication is required by the server, users must ensure that a valid client certificate exists in the keystore specified in the ssl.client.props file, which is (profile)/etc/key.p12 by default.

Information Value
Data type: Text
Default: None

Predefined protocols

Specifies the Secure Sockets Layer (SSL) handshake protocol. This protocol is typically SSL_TLSv2, which supports all handshake protocols except for SSLv2 on the server side. When the United States Federal Information Processing Standard (FIPS) option is enabled, Transport Layer Security (TLS) is automatically used regardless of this setting.

[8.5.5.21 or later] In version 8.5.5.21, the name of this setting changed from Protocol to Predefined protocols. Use this setting to specify a single SSL protocol. Some single SSL protocol values represent multiple SSL configurations; for example, SSL_TLSv2 allows the TLSv1, TLSv1.1, and TLSv1.2 protocols to be used. To specify multiple SSL protocols, use Custom protocol list.

Information Value
Data type: text
Default: SSL_TLSv2
[8.5.5.21 or later]

Custom protocol list

Specifies a custom list of SSL handshake protocols. Use this setting to specify more than one handshake protocol. When the United States Federal Information Processing Standard (FIPS) option is enabled, Transport Layer Security (TLS) is automatically used regardless of this setting.

To define a custom list, select protocols from the list and click Add. Use Remove to remove protocols from the list. The custom protocol list shows up in the security configuration as a comma-separated list.

Information Value
Default: Disabled
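
The following audit sketch is an added example, not part of the original page and not IBM code. It expands a predefined protocol value or a comma-separated custom list into the protocols actually allowed, and checks the client-side keystore prerequisite against the server's Client authentication mode. The property names com.ibm.ssl.protocol and com.ibm.ssl.keyStore, the function names, and the sample file content are assumptions for illustration.

```python
# Added example (not IBM code). Property names and sample values are assumptions.
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# Only the expansion this page states; any other value is treated as a single protocol.
PREDEFINED = {"SSL_TLSv2": ["TLSv1", "TLSv1.1", "TLSv1.2"]}

def parse_props(text):
    """Parse Java-properties style text into a dict, skipping comments and blanks."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def effective_protocols(value):
    """Expand a predefined value or a comma-separated custom protocol list."""
    out = []
    for item in value.split(","):
        item = item.strip()
        if item:
            out.extend(PREDEFINED.get(item, [item]))
    return out

def audit_client(props, server_client_auth):
    """Return findings for a client config given the server mode: None, Supported, Required."""
    findings = []
    protos = effective_protocols(props.get("com.ibm.ssl.protocol", ""))
    weak = [p for p in protos if p in DEPRECATED]
    if weak:
        findings.append("protocol setting allows deprecated: " + ", ".join(weak))
    # A configured keystore is only a precondition; it must also hold a valid certificate.
    has_keystore = bool(props.get("com.ibm.ssl.keyStore"))
    if server_client_auth == "Required" and not has_keystore:
        findings.append("server requires a client certificate, no keystore set: handshake fails")
    elif server_client_auth == "Supported" and not has_keystore:
        findings.append("no client certificate offered: handshake might still succeed")
    return findings

# Constructed sample of ssl.client.props content (keystore line commented out).
SAMPLE = """\
# constructed sample
com.ibm.ssl.protocol=SSL_TLSv2
#com.ibm.ssl.keyStore=${user.root}/etc/key.p12
"""

if __name__ == "__main__":
    for finding in audit_client(parse_props(SAMPLE), "Required"):
        print(finding)
```
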
[AIX Solaris HP-UX Linux Windows][IBM i]

Predefined JSSE provider

Specifies one of the predefined Java™ Secure Sockets Extension (JSSE) providers. The IBMJSSE2 provider is recommended for use on all platforms which support it. It is required for use by the channel framework SSL channel. When Federal Information Processing Standard (FIPS) is enabled, IBMJSSE2 is used in combination with the IBMJCEFIPS crypto provider.

Information Value
Default: Enabled
[AIX Solaris HP-UX Linux Windows][IBM i]

Select provider

Specifies a package that implements a subset of the cryptography aspects for the Java security application programming interface (API). This value is a JSSE provider name that is listed in the java.security file. Note that cipher suites and protocol values depend upon the provider.

Information Value
Data type: Text
Default: IBMJSSE2
[AIX Solaris HP-UX Linux Windows][IBM i]

Custom JSSE provider

Specifies that a custom JSSE provider should be used.

Information Value
Default: Disabled
[AIX Solaris HP-UX Linux Windows][IBM i]

Custom provider

Specifies a package that implements a subset of the cryptography aspects for the Java security application programming interface (API). This value is a Java Secure Sockets Extension (JSSE) provider name that is listed in the java.security file. Note that cipher suites and protocol values depend upon the provider.

Information Value
Data type: Text

Cipher suite groups

Specifies the various cipher suite groups that can be chosen depending upon your security needs. The stronger the cipher suite strength, the better the security; however, this can result in performance consequences.

Information Value
Data type: Text
Default: Strong
Attention: See the Cipher suites reference for details.

Update selected ciphers

When selected, the cipher suites that are contained within the selected Cipher suite group are added to the list of Selected ciphers. Any change to this list changes the Cipher suite group to custom.

Selected ciphers

Specifies the ciphers that are effective when the configuration is saved. These ciphers are used to negotiate with the remote side of the connection during the handshake. A common cipher needs to be selected or the handshake fails.

Information Value
Data type: Text

Add

Specifies to add the selected cipher to the Selected ciphers list.