This section provides information about the Secure Sockets Layer (SSL) environment variables. Links to related topics appear at the
end of this section.
SSL-specific environment variables get exposed to common gateway interface (CGI) applications and server-side includes (SSI) processed pages.
You can categorize these variables into three types:
- Variables for information regarding the SSL handshake
- Variables for exposing the server certificate information
- Variables for exposing client certificate information, if you enable client authentication.
When making a valid SSL request, the SSL handshake environment variables and the server certificate environment
variables set. Setting client authentication to either optional or require, results in
the client certificate environment variables setting.
A list of SSL handshake environment variables, with their descriptions and values follows:
- HTTPS
- Description: Indicates an SSL connection.
- Values: String contains either ON, for an SSL connection, or OFF, if not.
- HTTPS_KEYSIZE
- Description: Indicates the size of the key.
- Values: See the table below.
- HTTPS_SECRETKEYSIZE
- Description: Indicates the actual strength of the key.
- Values: See the table below.
- SSL_PROTOCOL_VERSION
- Description: Contains the protocol version.
- Values: String contains either SSLV2, SSLV3, or TLSV1.
For Secure Sockets Layer V3 and Transport Layer Security V1:
Cipher Suite Key size Secret key size
---------------------------------------------------------------
SSL_RSA_WITH_NULL_MD5 0 0
SSL_RSA_WITH_NULL_SHA 0 0
SSL_RSA_EXPORT_WITH_RC4_40_MD5 128 40
SSL_RSA_WITH_RC4_128_MD5 128 128
SSL_RSA_WITH_RC4_128_SHA 128 128
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 128 40
SSL_RSA_WITH_DES_CBC_SHA 64 56
SSL_RSA_WITH_3DES_EDE_CBC_SHA 192 168
SSL_NULL_WITH_NULL_NULL 0 0
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA 56 20
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA 56 20
For Secure Sockets Layer V2:
Cipher Suite Key size Secret key size
---------------------------------------------------------------
RC4_128_WITH_MD5 128 128
RC4_128_EXPORT40_WITH_MD5 128 40
RC2_128_CBC_WITH_MD5 128 128
RC2_128_CBC_EXPORT40_WITH_MD5 128 40
DES_64_CBC_WITH_MD5 64 56
DES_192_EDE3_CBC_WITH_MD5 192 168
A list of server certificate environment variables with their associated descriptions and values follows:
- SSL_SERVER_C
- Description: Contains the country attribute of the server certificate
- Values: String or empty
- SSL_SERVER_CN
- Description: Contains the common name attribute of the server certificate
- Values: String or empty
- SSL_SERVER_DN
- Description: Contains the distinguished name of the server certificate used in the IP-based virtual host which
received the request
- Values: String or empty
- SSL_SERVER_EMAIL
- Description: Contains the e-mail attribute of the server certificate
- Values: String or empty
- SSL_SERVER_L
- Description: Contains the locality attribute of the server certificate
- Values: String or empty
- SSL_SERVER_O
- Description: Contains the organization attribute of the server certificate
- Values: String or empty
- SSL_SERVER_OU
- Description: Contains the organizational unit attribute of the server certificate
- Values: String or empty
- SSL_SERVER_ST
- Description: Contains the state or province attribute of the server certificate
- Values: String or empty
A list of the client certificate environment variables, with their associated descriptions and values follows:
- SSL_CLIENT_C
- Description: Contains the client certificate country
- Values: String or empty
- SSL_CLIENT_CERTBODY
- Description: Contains the client certificate
- Values: String containing the complete client certificate as a string
- SSL_CLIENT_CERTBODYLEN
- Description: Contains the length of the client certificate
- Values: Integer
- SSL_CLIENT_CN
- Description: Contains the client certificate common name
- Values: String or empty
- SSL_CLIENT_DN
- Description: Contains the distinguished name from the client certificate
- Values: String or empty
- SSL_CLIENT_EMAIL
- Description: Contains the client certificate e-mail
- Values: String or empty
- SSL_CLIENT_IC
- Description: Contains the country name of the client certificate issuer
- Values: String or empty
- SSL_CLIENT_ICN
- Description: Contains the common name of the client certificate issuer
- Values: String or empty
- SSL_CLIENT_IDN
- Description: Contains the distinguished name of the client certificate issuer
- Values: String or empty
- SSL_CLIENT_IEMAIL
- Description: Contains the e-mail address of the client certificate issuer
- Values: String or empty
- SSL_CLIENT_IL
- Description: Contains the locality of the client certificate issuer
- Values: String or empty
- SSL_CLIENT_IO
- Description: Contains the organization name of the client certificate issuer
- Values: String or empty
- SSL_CLIENT_IOU
- Description: Contains the organizational unit name of the client certificate issuer
- Values: String or empty
- SSL_CLIENT_IPC
- Description: Contains the postal code of the client certificate issuer
- Values: String and empty
- SSL_CLIENT_IST
- Description: Contains the state or province of the client certificate issuer
- Values: String or empty
- SSL_CLIENT_L
- Description: Contains the client certificate locality
- Values: String or empty
- SSL_CLIENT_NEWSESSIONID
- Description: Indicates whether this session ID is new
- Values: String containing "TRUE" or "FALSE"
- SSL_CLIENT_O
- Description: Contains the client certificate organization
- Values: String or empty
- SSL_CLIENT_OU
- Description: Contains the client certificate organizational unit
- Values: String or empty
- SSL_CLIENT_PC
- Description: Contains the client certificate postal code
- Values: String and empty
- SSL_CLIENT_SERIALNUM
- Description: Contains the client certificate serial number
- Values: String or empty
- SSL_CLIENT_SESSIONID
- Description: Contains the session ID
- Values: String or empty
- SSL_CLIENT_ST
- Description: Contains the client certificate state or province
- Values: String or empty
(Back to the top)
|