System Administration IBM HTTP Server documentation

Using cipher specifications

This section contains information regarding cipher specifications, including browser configuration, key sizes, valid cipher specifications and associated notes Note:. Links to related information appear at the end of this section.

Configuring the browser

The following directives require browser configuration:

  • SSLCipherBan
  • SSLCipherRequire
  • SSLCipherSpec
  • SSLVersion

Identifying cipher specifications and key sizes

The Secure Sockets Layer (SSL) cipher specification indicates the data encryption algorithm and key size usage. SSL V3 includes the hashing algorithm. For example, cipher specification DES SHA (56 bit) uses the DES encryption algorithm, a 56-bit key size and the SHA hashing algorithm. For more detailed information on cipher specifications, go to SSL V3.0 Specifications.

Listing valid cipher specifications

The following section provides a listing of currently valid cipher specifications.

SSL Version 2 cipher specifications

 
  • SSL_DES_192_EDE3_CBC_WITH_MD5
  • SSL_RC4_128_WITH_MD5
  • SSL_RC2_CBC_128_CBC_WITH_MD5
  • SSL_DES_64_CBC_WITH_MD5
  • SSL_RC4_128_EXPORT40_WITH_MD5
  • SSL_RC2_CBC_128_CBC_EXPORT40_WITH_MD5

  North American Edition (U.S. and Canada)  
     
Short name Long name Description
27 SSL_DES_192_EDE3_CBC_WITH_MD5 Triple-DES (168 bit)

21 SSL_RC4_128_WITH_MD5 RC4 (128 bit)

23 SSL_RC2_CBC_128_CBC_WITH_MD5 RC2 (128 bit)

26 SSL_DES_64_CBC_WITH_MD5 DES (56 bit)

22 SSL_RC4_128_EXPORT40_WITH_MD5 RC4 (40 bit)

24 SSL_RC2_CBC_128_CBC_EXPORT40_WITH_MD5 RC2 (40 bit)

 

Secure Sockets Layer Version 3 and Transport Layer Security Version 1 Cipher Specifications

 
  • SSL_RSA_WITH_3DES_EDE_CBC_SHA
  • SSL_RSA_EXPORT_WITH_RC4_40_MD4
  • SSL_RSA_WITH_RC4_128_MD5
  • SSL_RSA_WITH_DES_CBC_SHA
  • SSL_RSA_WITH_RC4_128_SHA
  • SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
  • SSL_RSA_WITH_NULL_SHA
  • SSL_RSA_WITH_NULL_MD5
  • SSL_NULL_WITH_NULL_NULL
  • TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
  • TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
  • TLS_RSA_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_AES_256_CBC_SHA

 
  North American Edition (US and Canada)  
     
Short name Long name Description
   
3A SSL_RSA_WITH_3DES_EDE_CBC_SHA Triple-DES SHA (168 bit)

33 SSL_RSA_EXPORT_WITH_RC4_40_MD5 RC4 SHA (40 bit)

34 SSL_RSA_WITH_RC4_128_MD5 RC4 MD5 (128 bit)

39 SSL_RSA_WITH_DES_CBC_SHA DES SHA (56 bit)

35 SSL_RSA_WITH_RC4_128_SHA RC4 SHA (128 bit)

See note below. 36 SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 RC2 MD5 (40 bit)

32 SSL_RSA_WITH_NULL_SHA

31 SSL_RSA_WITH_NULL_MD5

30 SSL_NULL_WITH_NULL_NULL

62 TLS_RSA_EXPORT1024_WITH_RC4_56_SHA

64 TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA

2F TLS_RSA_WITH_AES_128_CBC_SHA AES SHA (128 bit)

35b TLS_RSA_WITH_AES_256_CBC_SHA AES SHA (128 bit)
Note

Cipher specification 36 requires Netscape Navigator V4.07 or later.

  International Export Edition  
Short name Long name Description
3A SSL_RSA_WITH_3DES_EDE_CBC_SHA Triple-DES SHA (168 bit)

33 SSL_RSA_EXPORT_WITH_RC4_40_MD5 RC4 SHA (40 bit)

34 SSL_RSA_WITH_RC4_128_MD5 RC4 MD5 (128 bit)

39 SSL_RSA_WITH_DES_CBC_SHA DES SHA (56 bit)

35 SSL_RSA_WITH_RC4_128_SHA RC4 SHA (128 bit)

See note below. 36 SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 RC2 MD5 (40 bit)

32 SSL_RSA_WITH_NULL_SHA

31 SSL_RSA_WITH_NULL_MD5

30 SSL_NULL_WITH_NULL_NULL

62 TLS_RSA_EXPORT1024_WITH_RC4_56_SHA RC4 SHA Export1024 (56 bit)

64 TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA DES SHA Export1024 (56 bit)

Note

Cipher specification 36 requires Netscape Navigator V4.07 or later.

 

FIPS Approved NIST SSLV3 and TLSV1 (only available with SSLFIPSEnable)

  • SSL_RSA_WITH_3DES_EDE_CBC_SHA
  • SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
  • TLS_RSA_WITH_AES_256_CBC_SHA
  • TLS_RSA_WITH_AES_128_CBC_SHA
  • SSL_RSA_WITH_DES_CBC_SHA
  • SSL_RSA_FIPS_WITH_DES_CBC_SHA

  North American Edition (US and Canada)  
Short name Long name Description
See note below. 3A SSL_RSA_WITH_3DES_EDE_CBC_SHA Triple-DES SHA (168 bit)

See note below. FF SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA Triple-DES SHA (168 bit)

See note below. 35b TLS_RSA_WITH_AES_256_CBC_SHA AES SHA (128 bit)

See note below. 2F TLS_RSA_WITH_AES_128_CBC_SHA AES SHA (128 bit)

39 SSL_RSA_WITH_DES_CBC_SHA DES SHA (56 bit)

FE SSL_RSA_FIPS_WITH_DES_CBC_SHA DES SHA (56 bit)
Note

Not supported in versions available outside of North America.

 

Finding related information

     (Back to the top)