Clientauth; Clientcert - HP NonStop SSL Reference Manual

suites to the SSL server. The server then selects one cipher suite from that list or, if none of the offered suites is acceptable, returns a handshake failure alert and closes the connection.
When running as an SSL server, HP NonStop SSL selects the first cipher suite in the list presented by the client during the handshake that also appears in CIPHERSUITES. Selection therefore follows the client's preference order, not the order of CIPHERSUITES; a suite that must never be negotiated has to be left out of CIPHERSUITES entirely.
Notes:
If you trace the client handshake with a tool like Wireshark, you will see one additional cipher suite with the hex value 0x00FF. This is not an actual cipher suite but a signalling value (TLS_EMPTY_RENEGOTIATION_INFO_SCSV) telling the server that the client supports secure renegotiation. See section 4 of http://tools.ietf.org/html/draft-ietf-tls-renegotiation-01 for details.
WARNINGS!
Do NOT use ADH cipher suites unless you know exactly what you are doing! ADH (anonymous Diffie-Hellman) suites provide NO authentication of the peer and are therefore vulnerable to man-in-the-middle attacks. Strongly discouraged.
The cipher suites 0.1 and 0.2 do NOT encrypt the traffic; they only authenticate the partners and provide message integrity checking. Use them only where encryption is not required.
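The selection rule above (first suite in the client's order that is also in CIPHERSUITES, with 0x00FF skipped as a signalling value) and the two warnings, as an added example. This is not code from HP NonStop SSL; it parses the cipher_suites vector of a constructed ClientHello, applies the rule, and flags anonymous-DH and NULL suites. The suite codes and names are the IANA TLS registry values; the ClientHello bytes and server list are constructed for the example.

```python
"""Cipher-suite selection as the manual describes it for HP NonStop SSL as server.

Added example, not product code. The server picks the first suite in the
CLIENT's offered order that also appears in its own CIPHERSUITES list;
0x00FF is the secure-renegotiation SCSV and never a real choice.
"""
import struct

# IANA cipher-suite codes (subset sufficient for this example).
SUITE_NAMES = {
    0x0001: "TLS_RSA_WITH_NULL_MD5",
    0x0002: "TLS_RSA_WITH_NULL_SHA",
    0x0018: "TLS_DH_anon_WITH_RC4_128_MD5",
    0x0034: "TLS_DH_anon_WITH_AES_128_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    0xC014: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    0x00FF: "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
}
RENEG_SCSV = 0x00FF


def parse_cipher_suites(vector: bytes) -> list:
    """Parse a ClientHello cipher_suites vector: uint16 byte length, then uint16 codes."""
    if len(vector) < 2:
        raise ValueError("vector too short")
    (length,) = struct.unpack("!H", vector[:2])
    if length % 2 or 2 + length > len(vector):
        raise ValueError("malformed cipher_suites vector")
    return list(struct.unpack("!%dH" % (length // 2), vector[2:2 + length]))


def select_suite(server_list, client_offered):
    """First suite in the client's order that the server allows; None means handshake_failure."""
    allowed = set(server_list)
    for code in client_offered:
        if code == RENEG_SCSV:        # hint only, never negotiable
            continue
        if code in allowed:
            return code
    return None


def reneg_scsv_offered(client_offered) -> bool:
    """True when the client signalled secure-renegotiation support via 0x00FF."""
    return RENEG_SCSV in client_offered


def warnings_for(server_list) -> list:
    """Flag the suite classes the manual warns about in a CIPHERSUITES list."""
    out = []
    for code in server_list:
        name = SUITE_NAMES.get(code, "0x%04X" % code)
        if "_anon_" in name:
            out.append(f"{name}: anonymous DH, no peer authentication, MITM-able")
        elif "_NULL_" in name:
            out.append(f"{name}: NULL cipher, integrity only, no encryption")
    return out


# Constructed ClientHello cipher_suites vector (not a captured one):
# length 8, then ECDHE-AES256, ECDHE-AES128, RSA-AES128, and the SCSV.
CLIENT_HELLO_SUITES = bytes.fromhex("0008" "c014" "c013" "002f" "00ff")

# Constructed server CIPHERSUITES, in the server's own preferred order.
SERVER_CIPHERSUITES = [0x002F, 0xC013, 0x0035]

if __name__ == "__main__":
    offered = parse_cipher_suites(CLIENT_HELLO_SUITES)
    chosen = select_suite(SERVER_CIPHERSUITES, offered)
    print("client offered:", [SUITE_NAMES.get(c, hex(c)) for c in offered])
    print("secure renegotiation signalled:", reneg_scsv_offered(offered))
    # Client order wins: 0xC013 is chosen although the server lists 0x002F first.
    print("selected:", SUITE_NAMES.get(chosen, chosen))
    for w in warnings_for([0x0018, 0x0001] + SERVER_CIPHERSUITES):
        print("WARNING:", w)
```

Because the choice follows the client's order, reordering CIPHERSUITES does not prevent a weak suite from being negotiated; only removing it does, which is what the ADH and NULL warnings come down to in practice.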

CLIENTAUTH

Use this parameter to enforce SSL client authentication when running as an SSL server. The CLIENTAUTH parameter specifies a file (or a set of files) containing CA certificates. During connection setup the server sends the client a certificate request naming these CAs. The client must reply with its own client certificate, which must be signed by one of the certificates configured with the CLIENTAUTH parameter; otherwise the connection setup fails.
Parameter Syntax
CLIENTAUTH * | file1 [, file2, ...]
Arguments
*
No certificate request is sent to the client; client authentication is not enforced.
file1, file2, ...
DER encoded X.509 CA certificate(s) that signed the certificate the SSL client presents to HP NonStop SSL. If the SSL client cannot present such a certificate, the connection setup fails.
Default
If omitted, '*' is used and HP NonStop SSL does not enforce SSL client authentication when running as an SSL server.
Example
CLIENTAUTH $DATA1.SSL.CACERT
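A pre-flight check for the files named in CLIENTAUTH, as an added example that is not part of HP NonStop SSL. The parameter wants DER-encoded certificates, one per file, while OpenSSL command-line tools emit PEM by default; the function below converts a single PEM certificate to DER with the standard-library helper and then verifies that the outer DER SEQUENCE length matches the file size, which catches truncated files and concatenated bundles. The sample data is a constructed placeholder DER structure, not a real certificate.

```python
"""Normalise a certificate file to the single DER certificate CLIENTAUTH expects.

Added example, not product code. Checks performed:
  * PEM input is converted to DER (one certificate per file only);
  * the result starts with a DER SEQUENCE tag (0x30), as every X.509 cert does;
  * the encoded SEQUENCE length equals the file size (no truncation, no bundle).
"""
import base64
import ssl

PEM_HEADER = "-----BEGIN CERTIFICATE-----"


def der_length(data: bytes) -> int:
    """Total byte length (tag + length field + content) of the outer DER SEQUENCE."""
    if len(data) < 2 or data[0] != 0x30:
        raise ValueError("not a DER SEQUENCE (X.509 certificates start with 0x30)")
    first = data[1]
    if first < 0x80:                      # short form: length fits in 7 bits
        return 2 + first
    num = first & 0x7F                    # long form: number of length octets
    if num == 0 or num > 4 or len(data) < 2 + num:
        raise ValueError("bad DER length encoding")
    return 2 + num + int.from_bytes(data[2:2 + num], "big")


def to_clientauth_der(blob: bytes) -> bytes:
    """Return the DER bytes to store in the CLIENTAUTH file, or raise ValueError."""
    text = blob.decode("ascii", errors="ignore").strip()
    if text.startswith(PEM_HEADER):
        if text.count(PEM_HEADER) != 1:
            raise ValueError("several PEM certificates in one file; CLIENTAUTH wants one per file")
        der = ssl.PEM_cert_to_DER_cert(text)
    else:
        der = blob
    total = der_length(der)
    if total != len(der):
        raise ValueError(f"DER length {total} != file size {len(der)}: truncated or concatenated?")
    return der


# Constructed placeholder: SEQUENCE { INTEGER 1, INTEGER 2 }. Not a certificate,
# but structurally what the checks above look at.
SAMPLE_DER = bytes.fromhex("3006020101020102")
SAMPLE_PEM = (PEM_HEADER.encode() + b"\n"
              + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print("PEM -> DER:", to_clientauth_der(SAMPLE_PEM).hex())
    print("DER as-is :", to_clientauth_der(SAMPLE_DER).hex())
    for bad in (SAMPLE_DER[:-1], SAMPLE_PEM * 2):
        try:
            to_clientauth_der(bad)
        except ValueError as exc:
            print("rejected:", exc)
```

On the NonStop side the resulting bytes go into the Guardian file that CLIENTAUTH names (for example $DATA1.SSL.CACERT); the example deliberately stops short of writing there and leaves that to the operator's transfer procedure.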

CLIENTCERT

Use this parameter to specify the client certificate that HP NonStop SSL uses to authenticate itself to an SSL server when running as an SSL client.
Parameter Syntax
CLIENTCERT * | file
Arguments
*
