Setting Security (Ssl) Preferences; Adding A Pkcs #11Module - Sun Microsystems Netscape Enterprise Server Administrator's Manual

Using Secure Sockets Layer (SSL)
guaranteed to work with SSL 2 ciphers. To specify which ciphers your server
can use, check them in the list. Unless you have a compelling reason not to use
a specific cipher, you should check them all.
Another reason for not enabling all ciphers is to prevent SSL connections with
less than optimal encryption. International versions of Netscape products are
limited to 56- or 40-bit encryption keys. Therefore, international clients might
be using only 40-bit encryption, which is not as difficult to crack as 128-bit.
Unchecking all 40-bit ciphers effectively restricts access to browsers available
only in the United States.
You might not want to click the "No Encryption, only MD5 message
Warning
authentication" checkbox. If no other ciphers are available on the client side,
the server will use this, and no encryption will occur.
Finally, you can also enforce stronger security requirements via the Stronger
Ciphers option on the Server Manager Preferences tab. For more information,
see "Setting Encryption Preferences," on page 73 in Chapter 3, "Setting
Administration Preferences."
For more information regarding specific ciphers, see Managing Servers with
Netscape Console.

Setting Security (SSL) Preferences

You can set preferences for using SSL encryption on any server. To set the SSL
preferences for Enterprise Server, perform the steps described in "Setting
Encryption Preferences," on page 73 in Chapter 3, "Setting Administration
Preferences."

Adding a PKCS #11Module

Enterprise Server 4.0 supports Public Key Cryptography Standard (PKCS) #11,
which defines the interface used for communication between SSL and PKCS #11
modules. The PKCS#11 modules are used for standards-based connectivity to
SSL hardware accelerators. You can import PKCS#11 modules in the form of
.jar files.
Chapter 5, Working with Server Security 129