JRun 4.0: Configuring the Apache web server to retrieve Cipher Suite and Key Size information
The inability to retrieve cipher suite and key size attribute data when connected to an Apache web server may result from an Apache configuration problem. This TechNote describes the configuration requirements for Apache and SSL to support retrieval of this data.
When SSL is enabled for an Apache web server, you should be able to retrieve cipher suite and key size information through thejavax.servlet.request object. However, callingjavax.servlet.request.cipher_suite orjavax.servlet.request.keysize from the HttpServletRequest.getAttribute() method will sometimes return null values. Correcting the problem requires the Apachehttpd.conf file to be configured with specific properties.
First, open the httpd.conf file and locate the "SSL Engine Options" section. Next, edit this section and add (or uncomment) the following line for SSLOptions:
SSLOptions +StdEnvVars +ExportCertData +CompatEnvVars
At a minimum, make sure to include the "+ExportCertData" attribute for this property:
o ExportCertData:
This exports two additional environment variables: SSL_CLIENT_CERT and SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
server (always existing) and the client (only existing when client authentication is used). This can be used to import the certificates into CGI scripts.
o StdEnvVars:
This exports the standard SSL/TLS related `SSL_*' environment variables. Per default this exportation is switched off for performance reasons,
because the extraction step is an expensive operation and is usually useless for serving static content. So one usually enables the
exportation for CGI and SSI requests only.
o CompatEnvVars:
This exports obsolete environment variables for backward compatibility to Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.0 and Stronghold 2.x. Use this
to provide compatibility to existing CGI scripts.
You will now be able to access the cipher suite and key size using the following servlet methods:
HttpServletRequest.getAttribute("javax.servlet.request.cipher_suite")
HttpServletRequest.getAttribute("javax.servlet.request.key_size)
This content requires Flash
To view this content, JavaScript must be enabled, and you need the latest version of the Adobe Flash Player.
Download the free Flash Player now!
