System Administration IBM HTTP Server documentation

Understanding Secure Sockets Layer environment variables

This section provides information about the Secure Sockets Layer (SSL) environment variables. Links to related topics appear at the end of this section.

SSL-specific environment variables get exposed to common gateway interface (CGI) applications and server-side includes (SSI) processed pages. You can categorize these variables into three types:

  • Variables for information regarding the SSL handshake
  • Variables for exposing the server certificate information
  • Variables for exposing client certificate information, if you enable client authentication.

When a valid SSL request is made, the SSL handshake environment variables and the server certificate environment variables are set. When client authentication is set to either optional or require, the client certificate environment variables are also set.

Looking at SSL handshake environment variables

A list of SSL handshake environment variables, with their descriptions and values, follows:

  • HTTPS
    • Description: Indicates an SSL connection.
    • Values: String contains either ON, for an SSL connection, or OFF, if not.
  • HTTPS_KEYSIZE
    • Description: Indicates the size of the key.
    • Values: See the table below.
  • HTTPS_SECRETKEYSIZE
    • Description: Indicates the actual strength of the key.
    • Values: See the table below.
  • SSL_PROTOCOL_VERSION
    • Description: Contains the protocol version.
    • Values: String contains either SSLV2, SSLV3, or TLSV1.

Values for HTTPS_KEYSIZE and HTTPS_SECRETKEYSIZE

For Secure Sockets Layer V3 and Transport Layer Security V1:

Cipher Suite                      Key size     Secret key size  
--------------------------------------------------------------- 
SSL_RSA_WITH_NULL_MD5                  0          0
SSL_RSA_WITH_NULL_SHA                  0          0
SSL_RSA_EXPORT_WITH_RC4_40_MD5       128         40
SSL_RSA_WITH_RC4_128_MD5             128        128
SSL_RSA_WITH_RC4_128_SHA             128        128
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5   128         40
SSL_RSA_WITH_DES_CBC_SHA              64         56
SSL_RSA_WITH_3DES_EDE_CBC_SHA        192        168
SSL_NULL_WITH_NULL_NULL                0          0
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA    56         20
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA   56         20    


For Secure Sockets Layer V2:

Cipher Suite                      Key size     Secret key size
--------------------------------------------------------------- 
RC4_128_WITH_MD5                     128        128
RC4_128_EXPORT40_WITH_MD5            128         40
RC2_128_CBC_WITH_MD5                 128        128
RC2_128_CBC_EXPORT40_WITH_MD5        128         40
DES_64_CBC_WITH_MD5                   64         56
DES_192_EDE3_CBC_WITH_MD5            192        168


Looking at server certificate environment variables

A list of server certificate environment variables with their associated descriptions and values follows:

  • SSL_SERVER_C
    • Description: Contains the country attribute of the server certificate
    • Values: String or empty
  • SSL_SERVER_CN
    • Description: Contains the common name attribute of the server certificate
    • Values: String or empty
  • SSL_SERVER_DN
    • Description: Contains the distinguished name of the server certificate used in the IP-based virtual host which received the request
    • Values: String or empty
  • SSL_SERVER_EMAIL
    • Description: Contains the e-mail attribute of the server certificate
    • Values: String or empty
  • SSL_SERVER_L
    • Description: Contains the locality attribute of the server certificate
    • Values: String or empty
  • SSL_SERVER_O
    • Description: Contains the organization attribute of the server certificate
    • Values: String or empty
  • SSL_SERVER_OU
    • Description: Contains the organizational unit attribute of the server certificate
    • Values: String or empty
  • SSL_SERVER_ST
    • Description: Contains the state or province attribute of the server certificate
    • Values: String or empty

Looking at client certificate environment variables

A list of the client certificate environment variables, with their associated descriptions and values, follows:

  • SSL_CLIENT_C
    • Description: Contains the client certificate country
    • Values: String or empty
  • SSL_CLIENT_CERTBODY
    • Description: Contains the client certificate
    • Values: String containing the complete client certificate
  • SSL_CLIENT_CERTBODYLEN
    • Description: Contains the length of the client certificate
    • Values: Integer
  • SSL_CLIENT_CN
    • Description: Contains the client certificate common name
    • Values: String or empty
  • SSL_CLIENT_DN
    • Description: Contains the distinguished name from the client certificate
    • Values: String or empty
  • SSL_CLIENT_EMAIL
    • Description: Contains the client certificate e-mail
    • Values: String or empty
  • SSL_CLIENT_IC
    • Description: Contains the country name of the client certificate issuer
    • Values: String or empty
  • SSL_CLIENT_ICN
    • Description: Contains the common name of the client certificate issuer
    • Values: String or empty
  • SSL_CLIENT_IDN
    • Description: Contains the distinguished name of the client certificate issuer
    • Values: String or empty
  • SSL_CLIENT_IEMAIL
    • Description: Contains the e-mail address of the client certificate issuer
    • Values: String or empty
  • SSL_CLIENT_IL
    • Description: Contains the locality of the client certificate issuer
    • Values: String or empty
  • SSL_CLIENT_IO
    • Description: Contains the organization name of the client certificate issuer
    • Values: String or empty
  • SSL_CLIENT_IOU
    • Description: Contains the organizational unit name of the client certificate issuer
    • Values: String or empty
  • SSL_CLIENT_IPC
    • Description: Contains the postal code of the client certificate issuer
    • Values: String or empty
  • SSL_CLIENT_IST
    • Description: Contains the state or province of the client certificate issuer
    • Values: String or empty
  • SSL_CLIENT_L
    • Description: Contains the client certificate locality
    • Values: String or empty
  • SSL_CLIENT_NEWSESSIONID
    • Description: Indicates whether this session ID is new
    • Values: String containing "TRUE" or "FALSE"
  • SSL_CLIENT_O
    • Description: Contains the client certificate organization
    • Values: String or empty
  • SSL_CLIENT_OU
    • Description: Contains the client certificate organizational unit
    • Values: String or empty
  • SSL_CLIENT_PC
    • Description: Contains the client certificate postal code
    • Values: String or empty
  • SSL_CLIENT_SERIALNUM
    • Description: Contains the client certificate serial number
    • Values: String or empty
  • SSL_CLIENT_SESSIONID
    • Description: Contains the session ID
    • Values: String or empty
  • SSL_CLIENT_ST
    • Description: Contains the client certificate state or province
    • Values: String or empty
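
The following CGI-side policy check is an added example, not part of the IBM documentation. It shows why a script should judge cipher strength by HTTPS_SECRETKEYSIZE rather than HTTPS_KEYSIZE: the export suites in the tables above report a key size of 128 with a secret key size of only 40. The function names, the allowed-protocol set and the 128-bit minimum are assumptions chosen for illustration.

```python
import os

# Assumed policy values (not from the IBM documentation); tune per deployment.
ALLOWED_PROTOCOLS = {"TLSV1"}   # of the values the page lists: SSLV2, SSLV3, TLSV1
MIN_SECRET_KEY_BITS = 128

# Constructed sample environment: an export RC4 suite negotiated over SSLV3.
SAMPLE_EXPORT_ENV = {
    "HTTPS": "ON",
    "SSL_PROTOCOL_VERSION": "SSLV3",
    "HTTPS_KEYSIZE": "128",
    "HTTPS_SECRETKEYSIZE": "40",
}


def check_ssl_env(env, require_client_cert=False):
    """Return a list of policy violations for one request's CGI environment."""
    if env.get("HTTPS", "OFF").upper() != "ON":
        return ["not an SSL connection (HTTPS is not ON)"]
    problems = []

    proto = env.get("SSL_PROTOCOL_VERSION", "")
    if proto.upper() not in ALLOWED_PROTOCOLS:
        problems.append("protocol %s is not allowed" % (proto or "<unset>"))

    # Use HTTPS_SECRETKEYSIZE: export suites report HTTPS_KEYSIZE=128
    # while the actual strength is only 40 bits.
    raw = env.get("HTTPS_SECRETKEYSIZE", "")
    try:
        secret_bits = int(raw)
    except ValueError:
        secret_bits = -1          # missing or non-numeric counts as failing
    if secret_bits < MIN_SECRET_KEY_BITS:
        problems.append("secret key size %r is below %d bits"
                        % (raw, MIN_SECRET_KEY_BITS))

    # The client certificate variables are only set when client
    # authentication is enabled and a certificate was presented.
    if require_client_cert and not env.get("SSL_CLIENT_DN", "").strip():
        problems.append("no client certificate (SSL_CLIENT_DN is empty)")
    return problems


def cgi_response(env, require_client_cert=False):
    """Build the CGI response text: 403 with reasons, or 200."""
    problems = check_ssl_env(env, require_client_cert)
    head = "Content-Type: text/plain\r\n\r\n"
    if problems:
        return "Status: 403 Forbidden\r\n" + head + "\n".join(problems) + "\n"
    return "Status: 200 OK\r\n" + head + "OK\n"


if __name__ == "__main__":
    print(cgi_response(os.environ), end="")
```

If your server reports protocol values other than the three listed on this page, add the ones you accept to ALLOWED_PROTOCOLS.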

Finding related information
