Disable SSL ciphers below 128-bit in IBM Apache

To allow 128-bit browsers access while denying lower-strength browsers (40-bit, 56-bit) from connecting to the web server over SSL, we need to use SSLCipherSpec directives within the SSL VirtualHost stanza located in the httpd.conf file.

The configuration will look like:

Listen 443

<VirtualHost 192.168.1.20:443>
ServerName neelesh.gurjar
SSLEnable
SSLCipherSpec TLS_RSA_WITH_AES_256_CBC_SHA
SSLCipherSpec TLS_RSA_WITH_AES_128_CBC_SHA
SSLCipherSpec 27
SSLCipherSpec 21
SSLCipherSpec 23
SSLCipherSpec 3A
SSLCipherSpec 34
SSLCipherSpec 35

SSLStashfile "../WebSphere/sslkey/xxyyy.sth"
SSLClientAuth None

ErrorLog /var/logs/httpd/error_ssl_http
CustomLog /var/logs/httpd/access_ssl_http common

<Directory "/apps/WebSphere/IBMIHS/htdocs/en_US">
Options Indexes
AllowOverride None
order allow,deny
allow from all
</Directory>

DocumentRoot "/WebSphere/IBMIHS/htdocs/en_US"
DirectoryIndex index2.html

</VirtualHost>

SSLDisable
KeyFile "C:/Program Files/IBM HTTP Server 2.0.42/key.kdb"
SSLV2Timeout 100
SSLV3Timeout 1000

===========

In this configuration I have used some numeric codes with SSLCipherSpec. Here is what they mean:

* 128 bit and 168 bit Ciphers

SSLV2
27 SSL_DES_192_EDE3_CBC_WITH_MD5 Triple-DES (168 bit)
21 SSL_RC4_128_WITH_MD5 RC4 (128 bit)
23 SSL_RC2_CBC_128_CBC_WITH_MD5 RC2 (128 bit)

SSLV3
3A SSL_RSA_WITH_3DES_EDE_CBC_SHA Triple-DES SHA (168 bit)
34 SSL_RSA_WITH_RC4_128_MD5 RC4 MD5 (128 bit)
35 SSL_RSA_WITH_RC4_128_SHA RC4 SHA (128 bit)

Please note:
Do not use this configuration if the Web site is enabled with a step-up certificate.
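
As an added example (not part of the original post and not IBM tooling), the following Python function audits an httpd.conf for SSL-enabled VirtualHost stanzas whose SSLCipherSpec entries fall outside the 128-bit-or-better list given above, or that set SSLEnable with no SSLCipherSpec at all, so that the server's default cipher list applies. The function name, the allowlist variable and the sample configuration with its addresses are constructed for illustration.

```python
import re

# Allowlist taken from the page: the two AES names plus the short codes it
# lists as 128-bit or 168-bit. Anything else is reported for review.
ALLOWED = {
    "TLS_RSA_WITH_AES_256_CBC_SHA": 256, "TLS_RSA_WITH_AES_128_CBC_SHA": 128,
    "27": 168, "21": 128, "23": 128,   # SSLv2 codes
    "3A": 168, "34": 128, "35": 128,   # SSLv3 codes
}

def audit_ihs_conf(text):
    """Return (vhost, problem) tuples for SSL-enabled VirtualHost stanzas."""
    findings, vhost, enabled, specs = [], None, False, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            vhost, enabled, specs = opened.group(1).strip(), False, []
        elif re.match(r"</VirtualHost>", line, re.I) and vhost:
            if enabled and not specs:
                findings.append((vhost, "SSLEnable without SSLCipherSpec: server defaults apply"))
            if enabled:
                findings += [(vhost, f"cipher not on the 128-bit allowlist: {s}")
                             for s in specs if s.upper() not in ALLOWED]
            vhost = None
        elif vhost:
            parts = line.split()
            if parts[0].lower() == "sslenable":
                enabled = True
            elif parts[0].lower() == "sslcipherspec" and len(parts) > 1:
                specs.append(parts[1])
    return findings

# Constructed sample input (documentation addresses, not a real server).
SAMPLE_CONF = """\
<VirtualHost 192.0.2.10:443>
SSLEnable
SSLCipherSpec TLS_RSA_WITH_AES_128_CBC_SHA
SSLCipherSpec 3a
SSLCipherSpec 39
</VirtualHost>
<VirtualHost 192.0.2.11:443>
SSLEnable
</VirtualHost>
"""

if __name__ == "__main__":
    for vhost, problem in audit_ihs_conf(SAMPLE_CONF):
        print(f"{vhost}: {problem}")
```

The check is deliberately an allowlist: a code that is not in the table above is flagged for review rather than assumed to be strong.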

Neelesh Gurjar has written 122 articles
