host-ip

Syntax

host-ip = {ALL|NONE|cipher_level|cipher_name}

Description

List of string values to specify the allowed encryption levels for HTTPS access for a specific IP address.

Note that this stanza has been deprecated and is retained only for backward compatibility.

Options

ALL
The value ALL allows all ciphers.
NONE
The value NONE disables all ciphers and uses an MD5 MAC checksum.
cipher_level
Legal cipher values are: NULL, DES-56, FIPS-DES-56, DES-168, FIPS-DES-168, RC2-40, RC2-128, RC4-40, RC4-56, RC4-128, AES-128, AES-256.

Value          Cipher name in GSKit
NULL           TLS_RSA_WITH_NULL_MD5
DES-56         TLS_RSA_WITH_DES_CBC_SHA
FIPS-DES-56    SSL_RSA_FIPS_WITH_DES_CBC_SHA
DES-168        SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
FIPS-DES-168   TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
RC2-40         TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
RC2-128        TLS_RC2_CBC_128_CBC_WITH_MD5
RC4-40         TLS_RSA_EXPORT_WITH_RC4_40_MD5
RC4-56         TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
RC4-128        TLS_RSA_WITH_RC4_128_MD5
AES-128        TLS_RSA_WITH_AES_128_CBC_SHA
AES-256        TLS_RSA_WITH_AES_256_CBC_SHA

cipher_name

Specific cipher names can also be used. This is useful when the cipher_level values above do not include a required cipher. When a cipher is enabled, it is used with all enabled versions of SSL and TLS that support the cipher. The following cipher names are available:

  • SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
  • SSL_RSA_FIPS_WITH_DES_CBC_SHA
  • TLS_DHE_PSK_WITH_AES_128_CCM_8
  • TLS_DHE_PSK_WITH_AES_128_CCM
  • TLS_DHE_PSK_WITH_AES_256_CCM_8
  • TLS_DHE_PSK_WITH_AES_256_CCM
  • TLS_DHE_RSA_WITH_AES_128_CCM_8
  • TLS_DHE_RSA_WITH_AES_128_CCM
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_DHE_RSA_WITH_AES_256_CCM_8
  • TLS_DHE_RSA_WITH_AES_256_CCM
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
  • TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_RC4_128_SHA
  • TLS_PSK_WITH_AES_128_CCM_8
  • TLS_PSK_WITH_AES_128_CCM
  • TLS_PSK_WITH_AES_256_CCM_8
  • TLS_PSK_WITH_AES_256_CCM
  • TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
  • TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
  • TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
  • TLS_RSA_EXPORT_WITH_RC4_40_MD5
  • TLS_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_RSA_WITH_AES_128_CBC_SHA256
  • TLS_RSA_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_AES_128_CCM_8
  • TLS_RSA_WITH_AES_128_CCM
  • TLS_RSA_WITH_AES_128_GCM_SHA256
  • TLS_RSA_WITH_AES_256_CBC_SHA256
  • TLS_RSA_WITH_AES_256_CBC_SHA
  • TLS_RSA_WITH_AES_256_CCM_8
  • TLS_RSA_WITH_AES_256_CCM
  • TLS_RSA_WITH_AES_256_GCM_SHA384
  • TLS_RSA_WITH_DES_CBC_SHA
  • TLS_RSA_WITH_NULL_MD5
  • TLS_RSA_WITH_NULL_NULL
  • TLS_RSA_WITH_NULL_SHA
  • TLS_RSA_WITH_RC4_128_MD5
  • TLS_RSA_WITH_RC4_128_SHA
  • TLS_RSA_WITH_NULL_SHA256
  • SSL_CK_RC4_128_WITH_MD5
  • SSL_CK_RC4_128_EXPORT40_WITH_MD5
  • SSL_CK_RC2_128_CBC_WITH_MD5
  • SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5
  • SSL_CK_DES_64_CBC_WITH_MD5
  • SSL_CK_DES_192_EDE3_CBC_WITH_MD5
  • TLS_ECDHE_ECDSA_WITH_NULL_SHA
  • TLS_ECDHE_RSA_WITH_NULL_SHA
  • TLS_AES_128_GCM_SHA256
  • TLS_AES_256_GCM_SHA384
  • TLS_CHACHA20_POLY1305_SHA256
  • TLS_AES_128_CCM_SHA256
  • TLS_AES_128_CCM_8_SHA256

Usage

This stanza entry is optional.

Default value

None.

Example

To specify allowable ciphers for a selected group of IP addresses, create a separate entry for each address. For example:

111.222.333.444 = RC4-128
222.666.333.111 = RC2-128
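
The following is an added example, not part of the product documentation: a Python audit that reads entries in the address = value form shown above and reports those that permit weak ciphers. The function name, the set of markers treated as weak, the '#' comment handling, the placeholder stanza header and the sample addresses are assumptions of this example.

```python
# cipher_level -> GSKit cipher name, copied from the table on this page.
LEVEL_TO_GSKIT = {
    "NULL": "TLS_RSA_WITH_NULL_MD5",
    "DES-56": "TLS_RSA_WITH_DES_CBC_SHA",
    "FIPS-DES-56": "SSL_RSA_FIPS_WITH_DES_CBC_SHA",
    "DES-168": "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA",
    "FIPS-DES-168": "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
    "RC2-40": "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    "RC2-128": "TLS_RC2_CBC_128_CBC_WITH_MD5",
    "RC4-40": "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    "RC4-56": "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA",
    "RC4-128": "TLS_RSA_WITH_RC4_128_MD5",
    "AES-128": "TLS_RSA_WITH_AES_128_CBC_SHA",
    "AES-256": "TLS_RSA_WITH_AES_256_CBC_SHA",
}
# Assumption of this example (not a product rule): these markers indicate a weak cipher.
WEAK_MARKERS = ("NULL", "EXPORT", "RC4", "RC2", "DES", "MD5")

def audit_host_ip(conf_text):
    """Return [(line_no, host, value, [reasons])] for entries that permit weak ciphers."""
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # assumed: '#' starts a comment
        if not line or line.startswith("[") or "=" not in line:
            continue  # blank line, stanza header, or not an entry
        host, value = (part.strip() for part in line.split("=", 1))
        level = value.upper()
        if level == "ALL":
            reasons = ["ALL allows every cipher, weak ones included"]
        elif level == "NONE":
            reasons = ["NONE disables all ciphers (MD5 MAC checksum only)"]
        else:
            # Check the configured value and, for a cipher_level, the GSKit name it maps to.
            names = level + " " + LEVEL_TO_GSKIT.get(level, "")
            reasons = [m for m in WEAK_MARKERS if m in names]
        if reasons:
            findings.append((line_no, host, value, reasons))
    return findings

# Constructed sample input: placeholder stanza header and documentation-range addresses.
SAMPLE = """\
[stanza-name-placeholder]
192.0.2.10 = RC4-128
192.0.2.11 = AES-256
192.0.2.12 = TLS_RSA_EXPORT_WITH_RC4_40_MD5
192.0.2.13 = TLS_AES_256_GCM_SHA384
192.0.2.14 = ALL
"""
```

Calling audit_host_ip(SAMPLE) reports lines 2, 4 and 6; the AES-256 and TLS_AES_256_GCM_SHA384 entries pass.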