Sslcarevocationpath, Sslciphersuite – Oracle B12255-01 User Manual


Security Services Implemented Within Oracle HTTP Server

Managing Security


SSLCARevocationPath

Specifies the directory where PEM-encoded Certificate Revocation Lists (CRLs) are stored. These CRLs come from the CAs (Certificate Authorities) that you accept certificates from. If a client attempts to authenticate itself with a certificate that is on one of these CRLs, then the certificate is revoked and the client cannot authenticate itself with your server.

Category    Value
Syntax      SSLCARevocationPath path/to/CRL_directory/
Example     SSLCARevocationPath /ORACLE_HOME/Apache/conf/ssl.crl/
Default     None
Context     server configuration, virtual host

SSLCipherSuite

Specifies the SSL cipher suite that the client can use during the SSL handshake. This directive uses a colon-separated cipher specification string to identify the cipher suite. Table 8–3 shows the tags you can use in the string to describe the cipher suite you want. Tags are joined together with prefixes to form a cipher specification string.

Category        Value
Valid Values    none: Adds the cipher to the list
                +: Adds the cipher to the list and places it in the correct location in the list
                -: Removes the cipher from the list (can be added later)
                !: Removes the cipher from the list permanently
Example         SSLCipherSuite ALL:!LOW:!DH
                In this example, all ciphers are specified except low strength ciphers and those using the Diffie-Hellman key negotiation algorithm.
Syntax          SSLCipherSuite cipher-spec
Default         None
Context         server configuration, virtual host, directory
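
The following is an added example, not part of the Oracle manual or of Oracle HTTP Server: a small Python model of the prefix rules in the table above, showing why `!` rather than `-` is the right prefix for ciphers that must never be offered. The cipher-to-tag membership in `CATALOGUE` is constructed for illustration (it is not Table 8–3), `resolve` and `audit` are hypothetical helper names, and the `+` prefix is not modelled because the page does not define the ordering it applies.

```python
# Constructed catalogue: which of the page's tags (ALL, LOW, DH) each cipher
# carries. Illustrative only; the real mapping is in Oracle's Table 8-3.
CATALOGUE = {
    "TLS_RSA_WITH_AES_256_CBC_SHA":     {"ALL"},
    "TLS_RSA_WITH_AES_128_CBC_SHA":     {"ALL"},
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA": {"ALL", "DH"},
    "TLS_RSA_WITH_DES_CBC_SHA":         {"ALL", "LOW"},
    "TLS_DHE_RSA_WITH_DES_CBC_SHA":     {"ALL", "LOW", "DH"},
}

def resolve(spec):
    """Return the ordered cipher list selected by a colon-separated spec."""
    selected = []    # current list, in order of addition
    killed = set()   # removed with '!': can never be added again
    for item in (part.strip() for part in spec.split(":")):
        if not item:
            continue
        prefix, tag = (item[0], item[1:]) if item[0] in "+-!" else ("", item)
        if prefix == "+":
            raise ValueError("'+' ordering is not modelled in this example")
        matches = [c for c, tags in CATALOGUE.items() if tag in tags]
        if not matches:
            raise ValueError(f"unknown tag: {tag!r}")
        if prefix == "":
            # No prefix: add matching ciphers unless permanently removed.
            selected += [c for c in matches
                         if c not in selected and c not in killed]
        else:
            # '-' and '!' both remove; only '!' makes the removal permanent.
            selected = [c for c in selected if c not in matches]
            if prefix == "!":
                killed.update(matches)
    return selected

def audit(spec, forbidden=("LOW", "DH")):
    """Map each cipher the spec still offers to the forbidden tags it carries."""
    findings = {}
    for cipher in resolve(spec):
        hits = sorted(t for t in forbidden if t in CATALOGUE[cipher])
        if hits:
            findings[cipher] = hits
    return findings

if __name__ == "__main__":
    for spec in ("ALL:!LOW:!DH", "ALL:-DH:DH", "ALL:!LOW:-DH:DH"):
        print(spec, "->", audit(spec) or "no forbidden ciphers offered")
```

An empty result from `audit` means the string offers nothing from the forbidden categories; a later un-prefixed tag silently undoes a `-` removal but not a `!` removal.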
