webMethods and Intelligent Business Operations 10.2 | Integration Server Administrator's Guide | Server Configuration Parameters | watt.ssl.
 
watt.ssl.
watt.ssl.accelerator.provider
Enables the use of the SSL accelerator provided with a T1/T2 processor on a Solaris 10 OS machine. The only value you can specify with this parameter is SunPKCS11-Solaris. To use this accelerator, Integration Server must be running with JVM 1.5 and the HSM Based Keystore field must be set to true on the Security > Keystore > Create Keystore Alias screen.
If you do not specify this parameter, SSL ports will be able to use the nCipher accelerator only. To use this accelerator, the HSM Based Keystore field must be set to True on the Security > Keystore > Create Keystore Alias screen.
watt.ssl.entrust.toolkit.ssl.fragmentblockcipher
Specifies whether the Entrust library is to fragment SSL records when a block cipher is used.
The Entrust library included with Integration Server addresses an SSL vulnerability identified in the US-CERT Vulnerability Note VU#864643 (http://www.kb.cert.org/vuls/id/864643). The Entrust library changes the way SSL records are fragmented when using a block cipher such as AES. When a block cipher is used, the Entrust library breaks up the SSL record into two records: a 1-byte record and a record consisting of the remaining bytes. This change prevents the exploit from working.
If you need to disable fragmentation of the SSL records for interoperability, you can disable the fragmentation feature by setting the watt.ssl.entrust.toolkit.ssl.fragmentblockcipher parameter to false. The default value of this property is true.
watt.ssl.iaik.clientAllowUnboundRenegotiate
Indicates whether Integration Server should block renegotiation with the server when serving as an SSL client. When this property is set to false (the default), Integration Server blocks all renegotiation attempts with the server. When set to true, Integration Server allows all renegotiation attempts.
Important: If you change the setting of this parameter, you must restart Integration Server for the changes to take effect.
watt.ssl.iaik.debug
Indicates whether Integration Server should log SSL handshake communication messages between the SSL client and SSL server in the server console. If set to true, Integration Server logs SSL handshake communication messages to the server console. The default is false.
Important: If you change the setting of this parameter, you must restart Integration Server for the changes to take effect.
watt.ssl.iaik.serverAllowUnboundRenegotiate
Indicates whether Integration Server should block renegotiation with the client when serving as an SSL server. When this property is set to false (the default), Integration Server blocks all renegotiation attempts with the client. When set to true, Integration Server allows all renegotiation attempts.
Important: If you change the setting of this parameter, you must restart Integration Server for the changes to take effect.

Copyright © 2015- 2018 | Software AG, Darmstadt, Germany and/or Software AG USA, Inc., Reston, VA, USA, and/or its subsidiaries and/or its affiliates and/or their licensors.
Innovation Release