[ssl] stanza

base-crypto-library
Use the base-crypto-library stanza entry to specify the cipher engine that GSKit uses.

crl-ldap-server
Use the crl-ldap-server stanza entry in the [ssl] stanza to specify the LDAP server that WebSEAL can contact for CRL checking during client-side certificate authentication.

crl-ldap-server-port
Use the crl-ldap-server-port entry in the [ssl] stanza to set the port number for WebSEAL to use when it communicates with the LDAP server specified in crl-ldap-server.

crl-ldap-user
Use the crl-ldap-user entry in the [ssl] stanza to specify an LDAP user who has permissions to retrieve the CRL on the LDAP server that is specified in crl-ldap-server.

crl-ldap-user-password
Use the crl-ldap-user-password entry in the [ssl] stanza to provide the password for the LDAP user that is specified in crl-ldap-user.

disable-ssl-v2
Use the disable-ssl-v2 entry in the [ssl] stanza to control whether support for SSL version 2 is enabled in WebSEAL.

disable-ssl-v3
Use the disable-ssl-v3 entry in the [ssl] stanza to control whether support for SSL version 3 is enabled in WebSEAL.

disable-tls-v1
Use the disable-tls-v1 entry in the [ssl] stanza to control whether support for TLS version 1 is enabled in WebSEAL.

disable-tls-v11
Use the disable-tls-v11 entry in the [ssl] stanza to control whether support for TLS version 1.1 is enabled in WebSEAL.

disable-tls-v12
Use the disable-tls-v12 entry in the [ssl] stanza to control whether support for TLS version 1.2 is enabled in WebSEAL.

disable-tls-v13
Use the disable-tls-v13 entry in the [ssl] stanza to control whether support for TLS version 1.3 is enabled in WebSEAL.

enable-duplicate-ssl-dn-not-found-msgs
Use the enable-duplicate-ssl-dn-not-found-msgs stanza entry to control whether WebSEAL logs a warning whenever you connect to a junction that has the -K or -B flag set without the -D flag. WebSEAL can log duplicate messages every time it opens a connection to the junction or log a single warning only for each affected junction.

fips-mode-processing
Use the fips-mode-processing stanza entry to enable or disable FIPS mode processing.

gsk-attr-name

gsk-crl-cache-entry-lifetime

gsk-crl-cache-size

jct-gsk-attr-name

nist-compliance
Use the nist-compliance stanza entry to enable or disable NIST SP800-131A compliance.

ocsp-enable

ocsp-max-response-size

ocsp-nonce-check-enable

ocsp-nonce-generation-enable

ocsp-proxy-server-name

ocsp-proxy-server-port

ocsp-url

pkcs11-keyfile
Use this entry to define the name of the pkcs11 key file that contains the configuration information for the network HSM device.

ssl-compliance
Specifies the SSL compliance mode.

ssl-extension-supported-groups
Specifies supported groups for TLS key agreements. This entry is used only when ssl-key-agreement is set to custom.

ssl-key-agreement
Specifies the TLS key agreement mode.

ssl-max-entries

ssl-v2-timeout

ssl-v3-timeout

suppress-client-ssl-errors

undetermined-revocation-cert-action

webseal-cert-keyfile

webseal-cert-keyfile-label

webseal-cert-keyfile-sni
Use the webseal-cert-keyfile-sni stanza entry to configure WebSEAL to send a server certificate that contains a host name, which matches the host name in the initial browser request.

webseal-cert-keyfile-stash