watt.ssl.
watt.ssl.accelerator.provider
Enables the use of the SSL accelerator provided with a T1/T2 processor on a Solaris 10 OS machine. The only value you can specify with this parameter is SunPKCS11-Solaris. To use this accelerator, Integration Server must be running with JVM 1.5 and the HSM Based Keystore field must be set to true on the Security > Keystore > Create Keystore Alias screen.
If you do not specify this parameter, SSL ports will be able to use the nCipher accelerator only. To use this accelerator, the HSM Based Keystore field must be set to True on the Security > Keystore > Create Keystore Alias screen.
watt.ssl.entrust.toolkit.ssl.fragmentblockcipher
Specifies whether the Entrust library is to fragment SSL records when a block cipher is used.
The Entrust library included with
Integration Server addresses an SSL vulnerability identified in the US-CERT Vulnerability Note VU#864643 (
http://www.kb.cert.org/vuls/id/864643). The Entrust library changes the way SSL records are fragmented when using a block cipher such as AES. When a block cipher is used, the Entrust library breaks up the SSL record into two records: a 1-byte record and a record consisting of the remaining bytes. This change prevents the exploit from working.
If you need to disable fragmentation of the SSL records for interoperability, you can disable the fragmentation feature by setting the watt.ssl.entrust.toolkit.ssl.fragmentblockcipher parameter to false. The default value of this property is true.
watt.ssl.iaik.debug
Indicates whether Integration Server should log SSL handshake communication messages between the SSL client and SSL server in the server console. If set to true, Integration Server logs SSL handshake communication messages to the server console. The default is false.
Important: If you change the setting of this parameter, you must restart Integration Server for the changes to take effect.