|
Howdie! I have a question for the members of the midrange list. It is a question about how much you might need or use a particular function if it were provided. I am not saying that this function will be provided. Lets just say that I am "dipping my toe in the water to see if it is cold, luke-warm, warm or hot". I am not asking for input on additional functions for the the HTTP server - just an answer if this function would be valuable to you, how valuable it would be and why. I will take input on this question thru Tuesday, 2/23/99. I thank you for your input in advance. Back ground: The V4R3 HTTP supports the Secure Sockets Layer (SSL) configuration on a per HTTP instance basis. You configure whether you want to use SSL on the Security Configuration panel. The V4R3 HTTP server support allows you to indicate, via a check box on the Security Configuration panel, whether you want to enable optional SSL client authentication or not. The default is to enable it. Required client authentication can be configured for an HTTP server instance in V4R3 be 1) enabling the optional client authentication box on the Security Configuration panel and 2) by setting up protection directives on a per URL basis with AUTH = CERT. Optional client authentication indicates that the HTTP server should request a certificate from the client, but that the client is not required to return one, and if a certificate is returned, that it does not need to be valid. With optional client authentication, if there is not a valid client certificate, then it is up to the application (HTTP server) to provide a level of authenticatng the client. If the certificate is not valid, the HTTP server will, based on your access list and protection setup configuration for that URL, possibly provide some additional level of client authentication. It all depends on how you configured the HTTP instance and the protection directives. Required (also known as mandatory) client authentication indicates that the HTTP server will request a certificate from the client for an SSL session. The client must return one and the certificate must be valid or the SSL handshake will fail and the server will not be given the chance of providing the requested URL. Question: Is there a need in V4R3, to also support a mutually exclusive (to the enable optional client authentication) check box that would enable or disable required client authentication on a per HTTP server instance? Enabling required client authentication via this mechanism would mean that all data served via this HTTP instance would have required that the client have been authenticated via SSL. Again, thank-you for your input in advance. Mark L. Bauman AS/400 Communications Software Development +--- | This is the Midrange System Mailing List! | To submit a new message, send your mail to MIDRANGE-L@midrange.com. | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com. | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com. | Questions should be directed to the list owner/operator: david@midrange.com +---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
