*Back to [[Book|Administrator's Configuration File Reference#cfr]] [[Topic|Administrator's Configuration File Reference#chap3]]*
h2. {{server.xml}} elements beginning with S
The following elements are discussed below:
|[#{{search-app}}] |[#{{search-collection}}] |[#{{server}}] |[#{{servlet-container}}] |[#{{session-replication}}] |[#{{single-sign-on}}] |[#{{snmp}}] |
|[#{{soap-auth-provider}}] |[#{{ssl}}] |[#{{ssl2-ciphers}}] |[#{{ssl3-tls-ciphers}}] |[#{{ssl-session-cache}}] |[#{{stats}}] |
h3. {{search-app}} {anchor:s1}
The {{search-app}} element configures the built-in search web application. This element may appear zero or one time within the {{virtual-server}} element. For more information, see [{{virtual-server}}|V & W#v2].
h4. Subelements
The {{search-app}} element can contain the following subelements:
Table 3-43 List of {{search-app}} Subelements
||Element ||Occurrences ||Description ||
|{{enabled}} |0 or 1 |Determines whether the search application is enabled at runtime. The default value is {{true}}. |
|{{max-hits}} |0 or 1 |The maximum number of search results to return in response to a single search query. The value can be from 0 to 10000. |
|{{uri}} |1 |The root URI for the search web application. |
h4. See Also
* [{{convert}}|C#c5]
* [{{include}}|I & J#i1]
* [{{index}}|I & J#i2]
* [#{{search-collection}}]
h3. {{search-collection}} {anchor:s2}
The {{search-collection}} element configures a collection of searchable documents. This element may appear zero or more times within the {{virtual-server}} element. For more information, see [{{virtual-server}}|V & W#v2].
h4. Subelements
The {{search-collection}} element can contain the following subelements:
Table 3-44 List of {{search-collection}} Subelements
||Element ||Occurrences ||Description ||
|{{enabled}} |0 or 1 |Determines whether the collection can be searched. The default value is {{true}}. |
|{{name}} |1 |The name that uniquely identifies the search collection. |
|{{display-name}} |0 or 1 |The description of the search collection displayed to end users. |
|{{uri}} |1 |The root URI for the searchable documents. |
|{{document-root}} |1 |The file system root for the searchable documents. If a relative path is used, it is relative to the server's {{config}} directory. |
|{{path}} |1 |The file system path where search collection meta data is stored. If a relative path is used, it is relative to the server's {{config}} directory. |
|{{index}} |0 or 1 |Configures the document fields to be indexed. For more details, see [{{index}}|I & J#i2]. |
|{{convert}} |0 or 1 |Configures the document type to be converted. For more details, see [{{convert}}|C#c5]. |
|{{include}} |0 or 1 |Configures document types that should be included. For more details, see [{{include}}|I & J#i1]. |
|{{description}} |0 or 1 |The description of the search collection. |
h4. See Also
* [{{convert}}|C#c5]
* [{{include}}|I & J#i1]
* [{{index}}|I & J#i2]
* [#{{search-app}}]
h3. {{server}} {anchor:s3}
The {{server}} element defines a server. This is the root element, and there can be only one {{server}} element in the {{server.xml}} file.
h4. Subelements
The {{server}} element has the following subelements:
Table 3-45 List of {{server}} Subelements
||Element ||Occurrences ||Description ||
|{{cluster}} |0 or 1 |The server cluster to which the server belongs. For more details, see [{{cluster}}|C#c2]. |
|{{log}} |0 or 1 |Configures the logging subsystem. For more details, see [{{log}}|K & L#l4]. |
|{{user}} |0 or 1 |The account the server runs as (UNIX only). The value is the user account. If the server is started as {{root}}, any UNIX account can be specified. If the server is started by a non-{{root}} account, only that non-{{root}} account should be specified. |
|{{platform}} |0 or 1 |Determines whether the server runs as a 32-bit or 64-bit process. The value can be 32 or 64. |
|{{temp-path}} |0 or 1 |The directory where the server stores its temporary files. If a relative path is used, it is relative to the server's {{config}} directory. The directory must be owned by the account that the server runs as. |
|{{variable}} |0 or more |Defines a variable for use in expressions, log formats, and {{obj.conf}} parameters. For more details, see [{{variable}}|V & W#v1]. |
|{{localization}} |0 or 1 |Configures localization. For more details, see [{{localization}}|K & L#l2]. |
|{{http}} |0 or 1 |Configures the HTTP protocol options. For more details, see [{{http}}|F & H#h1]. |
|{{keep-alive}} |0 or 1 |Configures the HTTP keep-alive subsystem. For more details, see [{{keep-alive}}|K & L#k1]. |
|{{thread-pool}} |0 or 1 |Configures the HTTP request processing threads. For more details, see [{{thread-pool}}|T#t1]. |
|{{pkcs11}} |0 or 1 |Configures the PKCS #11 subsystem. For more details, see [{{pkcs11}}|P#p1]. |
|{{stats}} |0 or 1 |Configures the statistics collection subsystem. For more details, see [#{{stats}}]. |
|{{cgi}} |0 or 1 |Configures the CGI subsystem. For more details, see [{{cgi}}|C#c1]. |
|{{qos}} |0 or 1 |Configures the QOS subsystem. For more details, see [{{qos}}|Q#q1]. |
|{{dns}} |0 or 1 |Configures the server's use of DNS. For more details, see [{{dns}}|D#d7]. |
|{{dns-cache}} |0 or 1 |Configures the DNS cache. For more details, see [{{dns-cache}}|D#d8]. |
|{{file-cache}} |0 or 1 |Configures the file cache. For more details, see [{{file-cache}}|F & H#f1]. |
|{{acl-cache}} |0 or 1 |Configures the ACL cache. For more details, see [{{acl-cache}}|A#a3]. |
|{{ssl-session-cache}} |0 or 1 |Configures the SSL/TLS session cache. For more details, see [#{{ssl-session-cache}}]. |
|{{access-log-buffer}} |0 or 1 |Configures the access log buffering subsystem. For more details, see [{{access-log-buffer}}|A#a2]. |
|{{dav}} |0 or 1 |Configures WebDAV. For more details, see [{{dav}}|D#d1]. |
|{{snmp}} |0 or 1 |Configures SNMP. For more details, see [#{{snmp}}]. |
|{{qos-limits}} |0 or 1 |Configures the QOS limits for the server. For more details, see [{{qos-limits}}|Q#q2]. |
|{{audit-accesses}} |0 or 1 |Specifies whether authentication and authorization events are logged. The default value is {{false}}. |
|{{jvm}} |0 or 1 |Configures JVM. For more details, see [{{jvm}}|I & J#j2]. |
|{{servlet-container}} |0 or 1 |Configures the Servlet container. For more details, see [#{{servlet-container}}]. |
|{{lifecycle-module}} |0 or more |Configures a Java server lifecycle module. For more details, see [{{lifecycle-module}}|K & L#l1]. |
|{{custom-resource}} |0 or more |Configures a resource implemented by a custom class. For more details, see [{{custom-resource}}|C#c6]. |
|{{external-jndi-resource}} |0 or more |Configures a resource provided by an external JNDI repository. For more details, see [{{external-jndi-resource}}|E#e3]. |
|{{jdbc-resource}} |0 or more |Configures a JDBC resource. For more details, see [{{jdbc-resource}}|I & J#j1]. |
|{{mail-resource}} |0 or more |Configures a mail store. For more details, see [{{mail-resource}}|M#m1]. |
|{{default-soap-auth-provider-name}} |0 or 1 |The name of the default SOAP message-level authentication provider. The value is the {{name}} value from a {{soap-auth-provider}} element. For more details, see [{{default-soap-auth-provider-name}}|D#d5] |
|{{soap-auth-provider}} |0 or more |Configures a SOAP message-level authentication provider. For more details, see [#{{soap-auth-provider}}]. |
|{{default-auth-realm-name}} |0 or 1 |The name of the default Servlet container authentication realm. The value is the {{name}} value from an {{auth-realm}} element. For more details, see [{{auth-realm}}|A#a9]. |
|{{auth-realm}} | 0 or more |Configures a Servlet container authentication realm. For more details, see [{{auth-realm}}|A#a9]. |
|{{default-auth-db-name}} |0 or 1 |The name of the default ACL authentication database. The value is the {{name}} value from an {{auth-db}} element, and the default value is {{default}}. For more details, see [{{auth-db}}|A#a8]. |
|{{auth-db}} |0 or more |Configures an ACL authentication database for the server. For more details, see [{{auth-db}}|A#a8]. |
|{{acl-file}} |0 or more |The ACL file that controls access to the server. The value is the name of an ACL file. For more details, see [{{acl-file}}|A#a5]. |
|{{mime-file}} |0 or more |The {{mime.types}} file that configures MIME mappings for the server as a whole. The value is the name of a {{mime.types}} file. For more details, see [{{mime-file}}|M#m2]. |
|{{access-log}} | 0 or more |Configures an HTTP access log for the server. For more details, see [{{access-log}}|A#a1]. |
|{{http-listener}} |0 or more |Configures an HTTP listener. For more details, see [{{http-listener}}|F & H#h2]. |
|{{virtual-server}} |0 or more |Configures a virtual server. For more details, see [{{virtual-server}}|V & W#v2]. |
|{{event}} |0 or more |Configures a recurring event. For more details, see [{{event}}|E#e2]. |
h3. {{servlet-container}} {anchor:s4}
The {{servlet-container}} element configures the Servlet container. This element may appear zero or one time within the {{server}} element. For more information, see [#{{server}}].
h4. Subelements
The {{servlet-container}} element can contain the following subelements:
Table 3-46 List of {{servlet-container}} Subelements
||Element ||Occurrences ||Description ||
|{{dynamic-reload-interval}} |0 or 1 |Specifies how often the server checks the deployed web applications for modifications. The value can be from 1 to 60, or 0 to disable dynamic reloading. |
|{{log-level}} |0 or 1 |The log verbosity for the Servlet container. The value can be {{finest}} (most verbose), {{finer}}, {{fine}}, {{info}}, {{warning}}, {{failure}}, {{config}}, {{security}}, or {{catastrophe}} (least verbose). |
|{{anonymous-role}} |0 or 1 |The name of the default, or anonymous role assigned to all principals. The default role is {{ANYONE}}. |
|{{single-threaded-servlet-pool-size}} |0 or 1 |The number of Servlet instances to instantiate per {{SingleThreadedServlet}}. The value can be from 1 to 4096. The default value is {{5}}. |
|{{cross-context-allowed}} |0 or 1 |Determines whether request dispatchers are allowed to dispatch to another context. The default is {{true}}. |
|{{reuse-session-id}} |0 or 1 |Determines whether any existing session ID number is reused when creating a new session for that client. The default value is {{false}}. |
|{{encode-cookies}} |0 or 1 |Determines whether the Servlet container encodes cookie values. The default value is {{true}}. |
|{{dispatcher-max-depth}} |0 or 1 |The maximum depth for the Servlet container allowing nested request dispatches. The value can be from 0 to 2147483647. The default value is {{20}}. |
|{{secure-session-cookie}} |0 or 1 |
Controls the conditions under which the {{JSESSIONID}} cookie is marked secure. The value can be as follows:
* {{dynamic}} – Marks the cookie secure only when the request is received on a secure connection
* {{true}} - Always marks the cookie secure
* {{false}} – Never marks the cookie secure
The default value is {{dynamic}}. |
h4. See Also
* [{{auth-realm}}|A#a9]
* [{{default-auth-realm-name}}|D#d4]
* [{{jvm}}|I & J#j2]
* [#{{single-sign-on}}]
* [{{web-app}}|V & W#w1]
h3. {{session-replication}} {anchor:s5}
The {{session-replication}} element configures Servlet session replication within a server cluster. This element may appear zero or one time within the {{cluster}} element, and zero or one time within the {{instance}} element. For more information, see [{{cluster}}|C#c2], and [{{instance}}|I & J#i3].
h4. Subelements
The {{session-replication}} element can contain the following subelements:
Table 3-47 List of {{session-replication}} Subelements
||Element ||Occurrences ||Description ||
|{{enabled}} |0 or 1 |Determines whether the session replication is enabled at runtime. The default value is {{true}}. |
|{{port}} |0 or 1 |Specifies the port on which the server will listen. The default port number is {{1099}}. |
|{{instance-id}} |0 or 1 |(Only applicable at the instance level.) The value that uniquely identifies the instance for use in cookies. |
|{{key}} |0 or 1 |(Only applicable at the cluster level.) The shared secret which members of the cluster use to authenticate to each other. The value of this subelement should be in text format. |
|{{encrypted}} |0 or 1 |(Only applicable at the cluster level.) Determines whether the session data is encrypted prior to replication. The default value is {{false}}. |
|{{protocol}} |0 or 1 |(Only applicable at the cluster level.) The protocol used for session replication. The value can be {{http}} or {{jrmp}}. |
|{{getAttribute-triggers-replication}} |0 or 1 |(Only applicable at the cluster level.) Determines whether a call to the {{HttpSession.getAttribute}} method should cause a session to be backed up. The default value is {{true}}. |
|{{replica-discovery-max-hops}} |0 or 1 |(Only applicable at the cluster level.) The maximum number of instances that should be contacted while attempting to find the backup of a session. The value can be from 1 to 2147483647, or -1 for no limit. |
|{{startup-discovery-timeout}} |0 or 1 |(Only applicable at the cluster level.) The maximum time (in seconds) that an instance spends trying to contact its designated backup instance. The value can be from 0.001 to 3600. |
|{{cookie-name}} |0 or 1 |(Only applicable at the cluster level.) The name of the cookie that tracks which instance owns a session. |
|{{cipher}} |0 or 1 |(Only applicable at the cluster level.) The value of a JCE cipher. JCE ciphers are specified using the form {{algorithm/mode/padding}}. The value should be in text format. The default value is {{AES/CBC/PKCS5Padding}}. |
h3. {{single-sign-on}} {anchor:s6}
The {{single-sign-on}} element configures a single authentication mapping across multiple Java web applications sharing the same realm. This element may appear zero or one time within the {{virtual-server}} element. For more information, see [{{virtual-server}}|V & W#v2].
h4. Subelements
The {{single-sign-on}} element can contain the following subelements:
Table 3-48 List of {{single-sign-on}} Subelements
||Element ||Occurrences ||Description ||
|{{enabled}} |0 or 1 |Determines whether the single-sign-on feature is enabled at runtime. The default value is {{false}}. |
|{{idle-timeout}} |0 or 1 |The timeout (in seconds) after which a user's single sign-on records becomes eligible for purging if no activity is seen. The value can be from 0.001 to 3600, or -1 for no timeout. The default value is {{300 seconds}}. |
h4. See Also
* [#{{servlet-container}}]
* [{{web-app}}|V & W#w1]
h3. {{snmp}} {anchor:s7}
The {{snmp}} element configures the server's SNMP subagent. This element may appear zero or more times within the {{server}} element. For more information, see [#{{server}}].
h4. Subelements
The {{snmp}} element can contain the following subelements:
Table 3-49 List of {{snmp}} Subelements
||Element ||Occurrences ||Description ||
|{{enabled}} |0 or 1 |Determines whether SNMP is enabled at runtime. The default value is {{true}}. |
|{{master-host}} |0 or 1 |The network address of the SNMP master agent. The value is a host name or IP address. |
|{{description}} |1 |The description of the server. The value should be in text format. |
|{{organization}} |1 |The name of the organization responsible for the server. The value should be in text format. |
|{{location}} |1 |The location of the server. The value should be in text format. |
|{{contact}} |1 |The contact information of the person responsible for the server. The value should be in text format. |
h4. See Also
[#{{stats}}]
h3. {{soap-auth-provider}} {anchor:s8}
The {{soap-auth-provider}} element configures a SOAP message-level authentication provider for web services. This element may appear zero or more times within the {{server}} element. For more information, see [#{{server}}].
h4. Subelements
The {{soap-auth-provider}} element can contain the following subelements:
Table 3-50 List of {{soap-auth-provider}} Subelements
||Element ||Occurrences ||Description ||
|{{name}} |1 |The name that uniquely identifies the SOAP message-level authentication provider for use in {{default-soap-auth-provider-name}} and {{sun-web.xml}}. |
|{{class}} |1 |The class that implements the provider realm. The value is a name of a class that implements {{javax.security.auth.XXX}}. |
|{{request-policy}} |0 or 1 |Configures the authentication policy requirements for requests. For more details, see [{{request-policy}}|R#r1]. |
|{{response-policy}} |0 or 1 |Configures the authentication policy requirements for responses. For more details, see [{{response-policy}}|R#r2]. |
|{{property}} |0 or more |Configures the optional provider-specific properties. For more details, see [{{property}}|P#p3]. |
h3. {{ssl}} {anchor:s9}
The {{ssl}} element configures the SSL/TLS settings. This element may appear zero or one time within the {{http-listener}} element. For more information, see [{{http-listener}}|F & H#h2].
h4. Subelements
The {{ssl}} element can contain the following subelements:
Table 3-51 List of {{ssl}} Subelements
||Element ||Occurrences ||Description ||
|{{enabled}} |0 or 1 |Determines whether SSL/TLS is enabled at runtime. The default value is {{true}}. |
|{{server-cert-nickname}} |0 or more |The nickname of the certificate that server presents to the clients. You can specify zero or one RSA certificates, plus zero or one ECC certificates. |
|{{ssl2}} |0 or 1 |Determines whether SSL2 connections are accepted. The default value is {{false}}. |
|{{ssl3}} |0 or 1 |Determines whether SSL3 connections are accepted. The default value is {{true}}. |
|{{tls}} |0 or 1 |Determines whether TLS connections are accepted. The default value is {{true}}. |
|{{tls-rollback-detection}} |0 or 1 |Determines whether the server detects and blocks TLS version rollback attacks. The default value is {{true}}. |
|{{ssl2-ciphers}} |0 or 1 |Configures the SSL2 cipher suites. For more details, see [#{{ssl2-ciphers}}]. |
|{{ssl3-tls-ciphers}} |0 or 1 |Configures the SSL3 and TLS cipher suites. For more details, see [#{{ssl3-tls-ciphers}}]. |
|{{client-auth}} |0 or 1 |The method of client certificate authentication. The value can be {{required}}, {{optional}}, or {{false}}. |
|{{client-auth-timeout}} |0 or 1 |The timeout (in seconds) after which client authentication handshake fails. The value can be from 0.001 to 3600. |
|{{max-client-auth-data}} |0 or 1 |The maximum amount of application-level data to buffer during a client authentication handshake. The value can be from 0 to 2147483647. |
h4. See Also
* [{{http-listener}}|F & H#h2]
* [{{pkcs11}}|P#p1]
* [#{{ssl2-ciphers}}]
* [#{{ssl3-tls-ciphers}}]
* [#{{ssl-session-cache}}]
h3. {{ssl2-ciphers}} {anchor:s10}
The {{ssl2-ciphers}} element configures SSL2 cipher suites. This element may appear zero or one time within the {{ssl}} element. For more information, see [#{{ssl}}].
h4. Subelements
The {{ssl2-ciphers}} element can contain the following subelements:
Table 3-52 List of {{ssl2-ciphers}} Subelements
||Element ||Occurrences ||Description ||
|{{SSL_RC4_128_WITH_MD5}} |0 or 1 |Determines whether the {{SSL_RC4_128_WITH_MD5}} cipher suite is enabled at runtime. The default value is {{true}}. |
|{{SSL_RC4_128_EXPORT40_WITH_MD5}} |0 or 1 |Determines whether the {{SSL_RC4_128_EXPORT40_WITH_MD5}} cipher suite is enabled at runtime. The default value is {{true}}. |
|{{SSL_RC2_128_CBC_WITH_MD5}} |0 to 1 |Determines whether the {{SSL_RC2_128_CBC_WITH_MD5}} cipher suite is enabled at runtime. The default value is {{true}}. |
|{{SSL_RC2_128_CBC_EXPORT40_WITH_MD5}} |0 or 1 |Determines whether the {{SSL_RC2_128_CBC_EXPORT40_WITH_MD5}} cipher suite is enabled at runtime. The default value is {{true}}. |
|{{SSL_DES_64_CBC_WITH_MD5}} |0 to 1 |Determines whether the {{SSL_DES_64_CBC_WITH_MD5}} cipher suite is enabled at runtime. The default value is {{true}}. |
|{{SSL_DES_192_EDE3_CBC_WITH_MD5}} |0 to 1 |Determines whether the {{SSL_DES_192_EDE3_CBC_WITH_MD5}} cipher suite is enabled at runtime. The default value is {{true}}. |
h4. See Also
* [{{http-listener}}|F & H#h2]
* [{{pkcs11}}| P#p1]
* [#{{ssl}}]
* [#{{ssl3-tls-ciphers}}]
* [#{{ssl-session-cache}}]
h3. {{ssl3-tls-ciphers}} {anchor:s11}
The {{ssl3-tls-ciphers}} element configures SSL3 and TLS cipher suites. This element may appear zero or one time within the {{ssl}} element. For more information, see [#{{ssl}}].
h4. Subelements
The {{ssl3-tls-ciphers}} element can contain the following subelements:
Table 3-53 List of {{ssl3-tls-ciphers}} Subelements
||Element ||Occurrences ||Description ||
|{{SSL_RSA_WITH_RC4_128_MD5}} |0 or 1 |Determines whether the {{SSL_RSA_WITH_RC4_128_MD5}} cipher suite is enabled at runtime. The default value is {{true}}. |
|{{SSL_RSA_WITH_RC4_128_SHA}} |0 or 1 |Determines whether the {{SSL_RSA_WITH_RC4_128_SHA}} cipher suite is enabled at runtime. The default value is {{true}}. |
|{{SSL_RSA_WITH_3DES_EDE_CBC_SHA}} |0 or 1 |Determines whether the {{SSL_RSA_WITH_3DES_EDE_CBC_SHA}} cipher suite is enabled at runtime. The default value is {{true}}. |
|{{SSL_RSA_WITH_DES_CBC_SHA}} |0 or 1 |Determines whether the {{SSL_RSA_WITH_DES_CBC_SHA}} cipher suite is enabled at runtime. The default value is {{true}}. |
|{{SSL_RSA_EXPORT_WITH_RC4_40_MD5}} |0 or 1 |Determines whether the {{SSL_RSA_EXPORT_WITH_RC4_40_MD5}} cipher suite is enabled at runtime. The default value is {{true}}. |
|{{SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5}} |0 or 1 |Determines whether the {{SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5}} cipher suite is enabled at runtime. The default value is {{true}}. |
|{{SSL_RSA_WITH_NULL_MD5}} |0 or 1 |Determines whether the {{SSL_RSA_WITH_NULL_MD5}} cipher suite is enabled at runtime. The default value is {{false}}. |
|{{SSL_RSA_WITH_NULL_SHA}} |0 or 1 |Determines whether the {{SSL_RSA_WITH_NULL_SHA}} cipher suite is enabled at runtime. The default value is {{false}}. |
|{{SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA}} |0 or 1 |Determines whether the {{SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA}} cipher suite is enabled at runtime. The default value is {{true}}. |
|{{SSL_RSA_FIPS_WITH_DES_CBC_SHA}} |0 or 1 |Determines whether the {{SSL_RSA_FIPS_WITH_DES_CBC_SHA}} cipher suite is enabled at runtime. The default value is {{true}}. |
|{{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA}} |0 or 1 |Determines whether the {{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA}} cipher suite is enabled at runtime. The default value is {{true}}. |
|{{TLS_ECDH_RSA_WITH_AES_128_CBC_SHA}} |0 or 1 |Determines whether the {{TLS_ECDH_RSA_WITH_AES_128_CBC_SHA}} cipher suite is enabled at runtime. The default value is {{false}}. |
|{{TLS_ECDH_RSA_WITH_RC4_128_SHA}} |0 or 1 |Determines whether the {{TLS_ECDH_RSA_WITH_RC4_128_SHA}} cipher suite is enabled at runtime. The default value is {{false}}. |
|{{TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA}} |0 or 1 |Determines whether the {{TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA}} cipher suite is enabled at runtime. The default value is {{false}}. |
|{{TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA}} |0 or 1 |Determines whether the {{TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA}} cipher suite is enabled at runtime. The default value is {{false}}. |
|{{TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA}} |0 or 1 |Determines whether the {{TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA}} cipher suite is enabled at runtime. The default value is {{false}}. |
|{{TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA}} |0 or 1 |Determines whether the {{TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA}} cipher suite is enabled at runtime. The default value is {{true}}. |
|{{TLS_RSA_EXPORT1024_WITH_RC4_56_SHA}} |0 or 1 |Determines whether the {{TLS_RSA_EXPORT1024_WITH_RC4_56_SHA}} cipher suite is enabled at runtime. The default value is {{true}}. |
|{{TLS_RSA_WITH_AES_128_CBC_SHA}} |0 or 1 |Determines whether the {{TLS_RSA_WITH_AES_128_CBC_SHA}} cipher suite is enabled at runtime. The default value is {{true}}. |
|{{TLS_RSA_WITH_AES_256_CBC_SHA}} |0 or 1 |Determines whether the {{TLS_RSA_WITH_AES_256_CBC_SHA}} cipher suite is enabled at runtime. The default value is {{true}}. |
|{{TLS_ECDHE_ECDSA_WITH_NULL_SHA}} |0 or 1 |Determines whether the {{TLS_ECDHE_ECDSA_WITH_NULL_SHA}} cipher suite is enabled at runtime. The default value is {{false}}. |
|{{TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA}} |0 or 1 |Determines whether the {{TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA}} cipher suite is enabled at runtime. The default value is {{false}}. |
|{{TLS_ECDHE_ECDSA_WITH_RC4_128_SHA}} |0 or 1 |Determines whether the {{TLS_ECDHE_ECDSA_WITH_RC4_128_SHA}} cipher suite is enabled at runtime. The default value is {{false}}. |
|{{TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA}} |0 or 1 |Determines whether the {{TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA}} cipher suite is enabled at runtime. The default value is {{false}}. |
|{{TLS_ECDHE_RSA_WITH_NULL_SHA}} |0 or 1 |Determines whether the {{TLS_ECDHE_RSA_WITH_NULL_SHA}} cipher suite is enabled at runtime. The default value is {{false}}. |
|{{TLS_ECDHE_RSA_WITH_RC4_128_SHA}} |0 or 1 |Determines whether the {{TLS_ECDHE_RSA_WITH_RC4_128_SHA}} cipher suite is enabled at runtime. The default value is {{false}}. |
|{{TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA}} |0 or 1 |Determines whether the {{TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA}} cipher suite is enabled at runtime. The default value is {{false}}. |
|{{TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA}} |0 or 1 |Determines whether the {{TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA}} cipher suite is enabled at runtime. The default value is {{false}}. |
h4. See Also
* [{{http-listener}}|F & H#h2]
* [{{pkcs11}}|P#p1]
* [#{{ssl}}]
* [#{{ssl-session-cache}}]
h3. {{ssl-session-cache}} {anchor:s12}
The {{ssl-session-cache}} element configures the SSL/TLS session cache. This element may appear zero or one time within the {{server}} element. For more information, see [#{{server}}].
h4. Subelements
The {{ssl-session-cache}} element can contain the following subelements:
Table 3-54 List of {{ssl-session-cache}} Subelements
||Element ||Occurrences ||Description ||
|{{enabled}} |0 or 1 |Determines whether the server caches SSL/TLS sessions. The default value is {{true}}. |
|{{max-entries}} |0 or 1 |The maximum number of SSL/TLS sessions the server will cache. The value can be from 1 to 524288. |
|{{max-ssl2-session-age}} |0 or 1 |The maximum amount of time to cache an SSL2 session. The value can be from 5 to 100. |
|{{max-ssl3-tls-session-age}} |0 or 1 |The maximum amount of time to cache an SSL3/TLS session. The value can be from 5 to 86400. |
h4. See Also
* [{{http-listener}}|F & H#h2]
* [{{pkcs11}}|P#p1]
* [#{{ssl}}]
* [#{{ssl2-ciphers}}]
* [#{{ssl3-tls-ciphers}}]
h3. {{stats}} {anchor:s13}
The {{stats}} element configures the statistics collection subsystem. This element may appear zero or one time within the {{server}} element. For more information, see [#{{server}}].
h4. Subelements
The {{stats}} element can contain the following subelements:
Table 3-55 List of {{stats}} Subelements
||Element ||Occurrences ||Description ||
|{{enabled}} |0 or 1 |Determines whether the server collects statistics. The default value is {{true}}. |
|{{interval}} |0 or 1 |Interval (in seconds) at which statistics are updated. The value can be from 0.001 to 3600. |
|{{profiling}} |0 or 1 |Determines whether the performance buckets, used to track NSAPI function execution time, are enabled at runtime. The default value is {{true}}. |
h4. See Also
[#{{snmp}}]
h2. {{server.xml}} elements beginning with S
The following elements are discussed below:
|[#{{search-app}}] |[#{{search-collection}}] |[#{{server}}] |[#{{servlet-container}}] |[#{{session-replication}}] |[#{{single-sign-on}}] |[#{{snmp}}] |
|[#{{soap-auth-provider}}] |[#{{ssl}}] |[#{{ssl2-ciphers}}] |[#{{ssl3-tls-ciphers}}] |[#{{ssl-session-cache}}] |[#{{stats}}] |
h3. {{search-app}} {anchor:s1}
The {{search-app}} element configures the built-in search web application. This element may appear zero or one time within the {{virtual-server}} element. For more information, see [{{virtual-server}}|V & W#v2].
h4. Subelements
The {{search-app}} element can contain the following subelements:
Table 3-43 List of {{search-app}} Subelements
||Element ||Occurrences ||Description ||
|{{enabled}} |0 or 1 |Determines whether the search application is enabled at runtime. The default value is {{true}}. |
|{{max-hits}} |0 or 1 |The maximum number of search results to return in response to a single search query. The value can be from 0 to 10000. |
|{{uri}} |1 |The root URI for the search web application. |
h4. See Also
* [{{convert}}|C#c5]
* [{{include}}|I & J#i1]
* [{{index}}|I & J#i2]
* [#{{search-collection}}]
h3. {{search-collection}} {anchor:s2}
The {{search-collection}} element configures a collection of searchable documents. This element may appear zero or more times within the {{virtual-server}} element. For more information, see [{{virtual-server}}|V & W#v2].
h4. Subelements
The {{search-collection}} element can contain the following subelements:
Table 3-44 List of {{search-collection}} Subelements
||Element ||Occurrences ||Description ||
|{{enabled}} |0 or 1 |Determines whether the collection can be searched. The default value is {{true}}. |
|{{name}} |1 |The name that uniquely identifies the search collection. |
|{{display-name}} |0 or 1 |The description of the search collection displayed to end users. |
|{{uri}} |1 |The root URI for the searchable documents. |
|{{document-root}} |1 |The file system root for the searchable documents. If a relative path is used, it is relative to the server's {{config}} directory. |
|{{path}} |1 |The file system path where search collection meta data is stored. If a relative path is used, it is relative to the server's {{config}} directory. |
|{{index}} |0 or 1 |Configures the document fields to be indexed. For more details, see [{{index}}|I & J#i2]. |
|{{convert}} |0 or 1 |Configures the document type to be converted. For more details, see [{{convert}}|C#c5]. |
|{{include}} |0 or 1 |Configures document types that should be included. For more details, see [{{include}}|I & J#i1]. |
|{{description}} |0 or 1 |The description of the search collection. |
h4. See Also
* [{{convert}}|C#c5]
* [{{include}}|I & J#i1]
* [{{index}}|I & J#i2]
* [#{{search-app}}]
h3. {{server}} {anchor:s3}
The {{server}} element defines a server. This is the root element, and there can be only one {{server}} element in the {{server.xml}} file.
h4. Subelements
The {{server}} element has the following subelements:
Table 3-45 List of {{server}} Subelements
||Element ||Occurrences ||Description ||
|{{cluster}} |0 or 1 |The server cluster to which the server belongs. For more details, see [{{cluster}}|C#c2]. |
|{{log}} |0 or 1 |Configures the logging subsystem. For more details, see [{{log}}|K & L#l4]. |
|{{user}} |0 or 1 |The account the server runs as (UNIX only). The value is the user account. If the server is started as {{root}}, any UNIX account can be specified. If the server is started by a non-{{root}} account, only that non-{{root}} account should be specified. |
|{{platform}} |0 or 1 |Determines whether the server runs as a 32-bit or 64-bit process. The value can be 32 or 64. |
|{{temp-path}} |0 or 1 |The directory where the server stores its temporary files. If a relative path is used, it is relative to the server's {{config}} directory. The directory must be owned by the account that the server runs as. |
|{{variable}} |0 or more |Defines a variable for use in expressions, log formats, and {{obj.conf}} parameters. For more details, see [{{variable}}|V & W#v1]. |
|{{localization}} |0 or 1 |Configures localization. For more details, see [{{localization}}|K & L#l2]. |
|{{http}} |0 or 1 |Configures the HTTP protocol options. For more details, see [{{http}}|F & H#h1]. |
|{{keep-alive}} |0 or 1 |Configures the HTTP keep-alive subsystem. For more details, see [{{keep-alive}}|K & L#k1]. |
|{{thread-pool}} |0 or 1 |Configures the HTTP request processing threads. For more details, see [{{thread-pool}}|T#t1]. |
|{{pkcs11}} |0 or 1 |Configures the PKCS #11 subsystem. For more details, see [{{pkcs11}}|P#p1]. |
|{{stats}} |0 or 1 |Configures the statistics collection subsystem. For more details, see [#{{stats}}]. |
|{{cgi}} |0 or 1 |Configures the CGI subsystem. For more details, see [{{cgi}}|C#c1]. |
|{{qos}} |0 or 1 |Configures the QOS subsystem. For more details, see [{{qos}}|Q#q1]. |
|{{dns}} |0 or 1 |Configures the server's use of DNS. For more details, see [{{dns}}|D#d7]. |
|{{dns-cache}} |0 or 1 |Configures the DNS cache. For more details, see [{{dns-cache}}|D#d8]. |
|{{file-cache}} |0 or 1 |Configures the file cache. For more details, see [{{file-cache}}|F & H#f1]. |
|{{acl-cache}} |0 or 1 |Configures the ACL cache. For more details, see [{{acl-cache}}|A#a3]. |
|{{ssl-session-cache}} |0 or 1 |Configures the SSL/TLS session cache. For more details, see [#{{ssl-session-cache}}]. |
|{{access-log-buffer}} |0 or 1 |Configures the access log buffering subsystem. For more details, see [{{access-log-buffer}}|A#a2]. |
|{{dav}} |0 or 1 |Configures WebDAV. For more details, see [{{dav}}|D#d1]. |
|{{snmp}} |0 or 1 |Configures SNMP. For more details, see [#{{snmp}}]. |
|{{qos-limits}} |0 or 1 |Configures the QOS limits for the server. For more details, see [{{qos-limits}}|Q#q2]. |
|{{audit-accesses}} |0 or 1 |Specifies whether authentication and authorization events are logged. The default value is {{false}}. |
|{{jvm}} |0 or 1 |Configures JVM. For more details, see [{{jvm}}|I & J#j2]. |
|{{servlet-container}} |0 or 1 |Configures the Servlet container. For more details, see [#{{servlet-container}}]. |
|{{lifecycle-module}} |0 or more |Configures a Java server lifecycle module. For more details, see [{{lifecycle-module}}|K & L#l1]. |
|{{custom-resource}} |0 or more |Configures a resource implemented by a custom class. For more details, see [{{custom-resource}}|C#c6]. |
|{{external-jndi-resource}} |0 or more |Configures a resource provided by an external JNDI repository. For more details, see [{{external-jndi-resource}}|E#e3]. |
|{{jdbc-resource}} |0 or more |Configures a JDBC resource. For more details, see [{{jdbc-resource}}|I & J#j1]. |
|{{mail-resource}} |0 or more |Configures a mail store. For more details, see [{{mail-resource}}|M#m1]. |
|{{default-soap-auth-provider-name}} |0 or 1 |The name of the default SOAP message-level authentication provider. The value is the {{name}} value from a {{soap-auth-provider}} element. For more details, see [{{default-soap-auth-provider-name}}|D#d5] |
|{{soap-auth-provider}} |0 or more |Configures a SOAP message-level authentication provider. For more details, see [#{{soap-auth-provider}}]. |
|{{default-auth-realm-name}} |0 or 1 |The name of the default Servlet container authentication realm. The value is the {{name}} value from an {{auth-realm}} element. For more details, see [{{auth-realm}}|A#a9]. |
|{{auth-realm}} | 0 or more |Configures a Servlet container authentication realm. For more details, see [{{auth-realm}}|A#a9]. |
|{{default-auth-db-name}} |0 or 1 |The name of the default ACL authentication database. The value is the {{name}} value from an {{auth-db}} element, and the default value is {{default}}. For more details, see [{{auth-db}}|A#a8]. |
|{{auth-db}} |0 or more |Configures an ACL authentication database for the server. For more details, see [{{auth-db}}|A#a8]. |
|{{acl-file}} |0 or more |The ACL file that controls access to the server. The value is the name of an ACL file. For more details, see [{{acl-file}}|A#a5]. |
|{{mime-file}} |0 or more |The {{mime.types}} file that configures MIME mappings for the server as a whole. The value is the name of a {{mime.types}} file. For more details, see [{{mime-file}}|M#m2]. |
|{{access-log}} | 0 or more |Configures an HTTP access log for the server. For more details, see [{{access-log}}|A#a1]. |
|{{http-listener}} |0 or more |Configures an HTTP listener. For more details, see [{{http-listener}}|F & H#h2]. |
|{{virtual-server}} |0 or more |Configures a virtual server. For more details, see [{{virtual-server}}|V & W#v2]. |
|{{event}} |0 or more |Configures a recurring event. For more details, see [{{event}}|E#e2]. |
h3. {{servlet-container}} {anchor:s4}
The {{servlet-container}} element configures the Servlet container. This element may appear zero or one time within the {{server}} element. For more information, see [#{{server}}].
h4. Subelements
The {{servlet-container}} element can contain the following subelements:
Table 3-46 List of {{servlet-container}} Subelements
||Element ||Occurrences ||Description ||
|{{dynamic-reload-interval}} |0 or 1 |Specifies how often the server checks the deployed web applications for modifications. The value can be from 1 to 60, or 0 to disable dynamic reloading. |
|{{log-level}} |0 or 1 |The log verbosity for the Servlet container. The value can be {{finest}} (most verbose), {{finer}}, {{fine}}, {{info}}, {{warning}}, {{failure}}, {{config}}, {{security}}, or {{catastrophe}} (least verbose). |
|{{anonymous-role}} |0 or 1 |The name of the default, or anonymous role assigned to all principals. The default role is {{ANYONE}}. |
|{{single-threaded-servlet-pool-size}} |0 or 1 |The number of Servlet instances to instantiate per {{SingleThreadedServlet}}. The value can be from 1 to 4096. The default value is {{5}}. |
|{{cross-context-allowed}} |0 or 1 |Determines whether request dispatchers are allowed to dispatch to another context. The default is {{true}}. |
|{{reuse-session-id}} |0 or 1 |Determines whether any existing session ID number is reused when creating a new session for that client. The default value is {{false}}. |
|{{encode-cookies}} |0 or 1 |Determines whether the Servlet container encodes cookie values. The default value is {{true}}. |
|{{dispatcher-max-depth}} |0 or 1 |The maximum depth for the Servlet container allowing nested request dispatches. The value can be from 0 to 2147483647. The default value is {{20}}. |
|{{secure-session-cookie}} |0 or 1 |
Controls the conditions under which the {{JSESSIONID}} cookie is marked secure. The value can be as follows:
* {{dynamic}} – Marks the cookie secure only when the request is received on a secure connection
* {{true}} - Always marks the cookie secure
* {{false}} – Never marks the cookie secure
The default value is {{dynamic}}. |
h4. See Also
* [{{auth-realm}}|A#a9]
* [{{default-auth-realm-name}}|D#d4]
* [{{jvm}}|I & J#j2]
* [#{{single-sign-on}}]
* [{{web-app}}|V & W#w1]
h3. {{session-replication}} {anchor:s5}
The {{session-replication}} element configures Servlet session replication within a server cluster. This element may appear zero or one time within the {{cluster}} element, and zero or one time within the {{instance}} element. For more information, see [{{cluster}}|C#c2], and [{{instance}}|I & J#i3].
h4. Subelements
The {{session-replication}} element can contain the following subelements:
Table 3-47 List of {{session-replication}} Subelements
||Element ||Occurrences ||Description ||
|{{enabled}} |0 or 1 |Determines whether the session replication is enabled at runtime. The default value is {{true}}. |
|{{port}} |0 or 1 |Specifies the port on which the server will listen. The default port number is {{1099}}. |
|{{instance-id}} |0 or 1 |(Only applicable at the instance level.) The value that uniquely identifies the instance for use in cookies. |
|{{key}} |0 or 1 |(Only applicable at the cluster level.) The shared secret which members of the cluster use to authenticate to each other. The value of this subelement should be in text format. |
|{{encrypted}} |0 or 1 |(Only applicable at the cluster level.) Determines whether the session data is encrypted prior to replication. The default value is {{false}}. |
|{{protocol}} |0 or 1 |(Only applicable at the cluster level.) The protocol used for session replication. The value can be {{http}} or {{jrmp}}. |
|{{getAttribute-triggers-replication}} |0 or 1 |(Only applicable at the cluster level.) Determines whether a call to the {{HttpSession.getAttribute}} method should cause a session to be backed up. The default value is {{true}}. |
|{{replica-discovery-max-hops}} |0 or 1 |(Only applicable at the cluster level.) The maximum number of instances that should be contacted while attempting to find the backup of a session. The value can be from 1 to 2147483647, or -1 for no limit. |
|{{startup-discovery-timeout}} |0 or 1 |(Only applicable at the cluster level.) The maximum time (in seconds) that an instance spends trying to contact its designated backup instance. The value can be from 0.001 to 3600. |
|{{cookie-name}} |0 or 1 |(Only applicable at the cluster level.) The name of the cookie that tracks which instance owns a session. |
|{{cipher}} |0 or 1 |(Only applicable at the cluster level.) The value of a JCE cipher. JCE ciphers are specified using the form {{algorithm/mode/padding}}. The value should be in text format. The default value is {{AES/CBC/PKCS5Padding}}. |
h3. {{single-sign-on}} {anchor:s6}
The {{single-sign-on}} element configures a single authentication mapping across multiple Java web applications sharing the same realm. This element may appear zero or one time within the {{virtual-server}} element. For more information, see [{{virtual-server}}|V & W#v2].
h4. Subelements
The {{single-sign-on}} element can contain the following subelements:
Table 3-48 List of {{single-sign-on}} Subelements
||Element ||Occurrences ||Description ||
|{{enabled}} |0 or 1 |Determines whether the single-sign-on feature is enabled at runtime. The default value is {{false}}. |
|{{idle-timeout}} |0 or 1 |The timeout (in seconds) after which a user's single sign-on records becomes eligible for purging if no activity is seen. The value can be from 0.001 to 3600, or -1 for no timeout. The default value is {{300 seconds}}. |
h4. See Also
* [#{{servlet-container}}]
* [{{web-app}}|V & W#w1]
h3. {{snmp}} {anchor:s7}
The {{snmp}} element configures the server's SNMP subagent. This element may appear zero or more times within the {{server}} element. For more information, see [#{{server}}].
h4. Subelements
The {{snmp}} element can contain the following subelements:
Table 3-49 List of {{snmp}} Subelements
||Element ||Occurrences ||Description ||
|{{enabled}} |0 or 1 |Determines whether SNMP is enabled at runtime. The default value is {{true}}. |
|{{master-host}} |0 or 1 |The network address of the SNMP master agent. The value is a host name or IP address. |
|{{description}} |1 |The description of the server. The value should be in text format. |
|{{organization}} |1 |The name of the organization responsible for the server. The value should be in text format. |
|{{location}} |1 |The location of the server. The value should be in text format. |
|{{contact}} |1 |The contact information of the person responsible for the server. The value should be in text format. |
h4. See Also
[#{{stats}}]
h3. {{soap-auth-provider}} {anchor:s8}
The {{soap-auth-provider}} element configures a SOAP message-level authentication provider for web services. This element may appear zero or more times within the {{server}} element. For more information, see [#{{server}}].
h4. Subelements
The {{soap-auth-provider}} element can contain the following subelements:
Table 3-50 List of {{soap-auth-provider}} Subelements
||Element ||Occurrences ||Description ||
|{{name}} |1 |The name that uniquely identifies the SOAP message-level authentication provider for use in {{default-soap-auth-provider-name}} and {{sun-web.xml}}. |
|{{class}} |1 |The class that implements the provider realm. The value is a name of a class that implements {{javax.security.auth.XXX}}. |
|{{request-policy}} |0 or 1 |Configures the authentication policy requirements for requests. For more details, see [{{request-policy}}|R#r1]. |
|{{response-policy}} |0 or 1 |Configures the authentication policy requirements for responses. For more details, see [{{response-policy}}|R#r2]. |
|{{property}} |0 or more |Configures the optional provider-specific properties. For more details, see [{{property}}|P#p3]. |
h3. {{ssl}} {anchor:s9}
The {{ssl}} element configures the SSL/TLS settings. This element may appear zero or one time within the {{http-listener}} element. For more information, see [{{http-listener}}|F & H#h2].
h4. Subelements
The {{ssl}} element can contain the following subelements:
Table 3-51 List of {{ssl}} Subelements
||Element ||Occurrences ||Description ||
|{{enabled}} |0 or 1 |Determines whether SSL/TLS is enabled at runtime. The default value is {{true}}. |
|{{server-cert-nickname}} |0 or more |The nickname of the certificate that server presents to the clients. You can specify zero or one RSA certificates, plus zero or one ECC certificates. |
|{{ssl2}} |0 or 1 |Determines whether SSL2 connections are accepted. The default value is {{false}}. |
|{{ssl3}} |0 or 1 |Determines whether SSL3 connections are accepted. The default value is {{true}}. |
|{{tls}} |0 or 1 |Determines whether TLS connections are accepted. The default value is {{true}}. |
|{{tls-rollback-detection}} |0 or 1 |Determines whether the server detects and blocks TLS version rollback attacks. The default value is {{true}}. |
|{{ssl2-ciphers}} |0 or 1 |Configures the SSL2 cipher suites. For more details, see [#{{ssl2-ciphers}}]. |
|{{ssl3-tls-ciphers}} |0 or 1 |Configures the SSL3 and TLS cipher suites. For more details, see [#{{ssl3-tls-ciphers}}]. |
|{{client-auth}} |0 or 1 |The method of client certificate authentication. The value can be {{required}}, {{optional}}, or {{false}}. |
|{{client-auth-timeout}} |0 or 1 |The timeout (in seconds) after which client authentication handshake fails. The value can be from 0.001 to 3600. |
|{{max-client-auth-data}} |0 or 1 |The maximum amount of application-level data to buffer during a client authentication handshake. The value can be from 0 to 2147483647. |
h4. See Also
* [{{http-listener}}|F & H#h2]
* [{{pkcs11}}|P#p1]
* [#{{ssl2-ciphers}}]
* [#{{ssl3-tls-ciphers}}]
* [#{{ssl-session-cache}}]
h3. {{ssl2-ciphers}} {anchor:s10}
The {{ssl2-ciphers}} element configures SSL2 cipher suites. This element may appear zero or one time within the {{ssl}} element. For more information, see [#{{ssl}}].
h4. Subelements
The {{ssl2-ciphers}} element can contain the following subelements:
Table 3-52 List of {{ssl2-ciphers}} Subelements
||Element ||Occurrences ||Description ||
|{{SSL_RC4_128_WITH_MD5}} |0 or 1 |Determines whether the {{SSL_RC4_128_WITH_MD5}} cipher suite is enabled at runtime. The default value is {{true}}. |
|{{SSL_RC4_128_EXPORT40_WITH_MD5}} |0 or 1 |Determines whether the {{SSL_RC4_128_EXPORT40_WITH_MD5}} cipher suite is enabled at runtime. The default value is {{true}}. |
|{{SSL_RC2_128_CBC_WITH_MD5}} |0 to 1 |Determines whether the {{SSL_RC2_128_CBC_WITH_MD5}} cipher suite is enabled at runtime. The default value is {{true}}. |
|{{SSL_RC2_128_CBC_EXPORT40_WITH_MD5}} |0 or 1 |Determines whether the {{SSL_RC2_128_CBC_EXPORT40_WITH_MD5}} cipher suite is enabled at runtime. The default value is {{true}}. |
|{{SSL_DES_64_CBC_WITH_MD5}} |0 to 1 |Determines whether the {{SSL_DES_64_CBC_WITH_MD5}} cipher suite is enabled at runtime. The default value is {{true}}. |
|{{SSL_DES_192_EDE3_CBC_WITH_MD5}} |0 to 1 |Determines whether the {{SSL_DES_192_EDE3_CBC_WITH_MD5}} cipher suite is enabled at runtime. The default value is {{true}}. |
h4. See Also
* [{{http-listener}}|F & H#h2]
* [{{pkcs11}}| P#p1]
* [#{{ssl}}]
* [#{{ssl3-tls-ciphers}}]
* [#{{ssl-session-cache}}]
h3. {{ssl3-tls-ciphers}} {anchor:s11}
The {{ssl3-tls-ciphers}} element configures SSL3 and TLS cipher suites. This element may appear zero or one time within the {{ssl}} element. For more information, see [#{{ssl}}].
h4. Subelements
The {{ssl3-tls-ciphers}} element can contain the following subelements:
Table 3-53 List of {{ssl3-tls-ciphers}} Subelements
||Element ||Occurrences ||Description ||
|{{SSL_RSA_WITH_RC4_128_MD5}} |0 or 1 |Determines whether the {{SSL_RSA_WITH_RC4_128_MD5}} cipher suite is enabled at runtime. The default value is {{true}}. |
|{{SSL_RSA_WITH_RC4_128_SHA}} |0 or 1 |Determines whether the {{SSL_RSA_WITH_RC4_128_SHA}} cipher suite is enabled at runtime. The default value is {{true}}. |
|{{SSL_RSA_WITH_3DES_EDE_CBC_SHA}} |0 or 1 |Determines whether the {{SSL_RSA_WITH_3DES_EDE_CBC_SHA}} cipher suite is enabled at runtime. The default value is {{true}}. |
|{{SSL_RSA_WITH_DES_CBC_SHA}} |0 or 1 |Determines whether the {{SSL_RSA_WITH_DES_CBC_SHA}} cipher suite is enabled at runtime. The default value is {{true}}. |
|{{SSL_RSA_EXPORT_WITH_RC4_40_MD5}} |0 or 1 |Determines whether the {{SSL_RSA_EXPORT_WITH_RC4_40_MD5}} cipher suite is enabled at runtime. The default value is {{true}}. |
|{{SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5}} |0 or 1 |Determines whether the {{SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5}} cipher suite is enabled at runtime. The default value is {{true}}. |
|{{SSL_RSA_WITH_NULL_MD5}} |0 or 1 |Determines whether the {{SSL_RSA_WITH_NULL_MD5}} cipher suite is enabled at runtime. The default value is {{false}}. |
|{{SSL_RSA_WITH_NULL_SHA}} |0 or 1 |Determines whether the {{SSL_RSA_WITH_NULL_SHA}} cipher suite is enabled at runtime. The default value is {{false}}. |
|{{SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA}} |0 or 1 |Determines whether the {{SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA}} cipher suite is enabled at runtime. The default value is {{true}}. |
|{{SSL_RSA_FIPS_WITH_DES_CBC_SHA}} |0 or 1 |Determines whether the {{SSL_RSA_FIPS_WITH_DES_CBC_SHA}} cipher suite is enabled at runtime. The default value is {{true}}. |
|{{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA}} |0 or 1 |Determines whether the {{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA}} cipher suite is enabled at runtime. The default value is {{true}}. |
|{{TLS_ECDH_RSA_WITH_AES_128_CBC_SHA}} |0 or 1 |Determines whether the {{TLS_ECDH_RSA_WITH_AES_128_CBC_SHA}} cipher suite is enabled at runtime. The default value is {{false}}. |
|{{TLS_ECDH_RSA_WITH_RC4_128_SHA}} |0 or 1 |Determines whether the {{TLS_ECDH_RSA_WITH_RC4_128_SHA}} cipher suite is enabled at runtime. The default value is {{false}}. |
|{{TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA}} |0 or 1 |Determines whether the {{TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA}} cipher suite is enabled at runtime. The default value is {{false}}. |
|{{TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA}} |0 or 1 |Determines whether the {{TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA}} cipher suite is enabled at runtime. The default value is {{false}}. |
|{{TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA}} |0 or 1 |Determines whether the {{TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA}} cipher suite is enabled at runtime. The default value is {{false}}. |
|{{TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA}} |0 or 1 |Determines whether the {{TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA}} cipher suite is enabled at runtime. The default value is {{true}}. |
|{{TLS_RSA_EXPORT1024_WITH_RC4_56_SHA}} |0 or 1 |Determines whether the {{TLS_RSA_EXPORT1024_WITH_RC4_56_SHA}} cipher suite is enabled at runtime. The default value is {{true}}. |
|{{TLS_RSA_WITH_AES_128_CBC_SHA}} |0 or 1 |Determines whether the {{TLS_RSA_WITH_AES_128_CBC_SHA}} cipher suite is enabled at runtime. The default value is {{true}}. |
|{{TLS_RSA_WITH_AES_256_CBC_SHA}} |0 or 1 |Determines whether the {{TLS_RSA_WITH_AES_256_CBC_SHA}} cipher suite is enabled at runtime. The default value is {{true}}. |
|{{TLS_ECDHE_ECDSA_WITH_NULL_SHA}} |0 or 1 |Determines whether the {{TLS_ECDHE_ECDSA_WITH_NULL_SHA}} cipher suite is enabled at runtime. The default value is {{false}}. |
|{{TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA}} |0 or 1 |Determines whether the {{TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA}} cipher suite is enabled at runtime. The default value is {{false}}. |
|{{TLS_ECDHE_ECDSA_WITH_RC4_128_SHA}} |0 or 1 |Determines whether the {{TLS_ECDHE_ECDSA_WITH_RC4_128_SHA}} cipher suite is enabled at runtime. The default value is {{false}}. |
|{{TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA}} |0 or 1 |Determines whether the {{TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA}} cipher suite is enabled at runtime. The default value is {{false}}. |
|{{TLS_ECDHE_RSA_WITH_NULL_SHA}} |0 or 1 |Determines whether the {{TLS_ECDHE_RSA_WITH_NULL_SHA}} cipher suite is enabled at runtime. The default value is {{false}}. |
|{{TLS_ECDHE_RSA_WITH_RC4_128_SHA}} |0 or 1 |Determines whether the {{TLS_ECDHE_RSA_WITH_RC4_128_SHA}} cipher suite is enabled at runtime. The default value is {{false}}. |
|{{TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA}} |0 or 1 |Determines whether the {{TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA}} cipher suite is enabled at runtime. The default value is {{false}}. |
|{{TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA}} |0 or 1 |Determines whether the {{TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA}} cipher suite is enabled at runtime. The default value is {{false}}. |
h4. See Also
* [{{http-listener}}|F & H#h2]
* [{{pkcs11}}|P#p1]
* [#{{ssl}}]
* [#{{ssl-session-cache}}]
h3. {{ssl-session-cache}} {anchor:s12}
The {{ssl-session-cache}} element configures the SSL/TLS session cache. This element may appear zero or one time within the {{server}} element. For more information, see [#{{server}}].
h4. Subelements
The {{ssl-session-cache}} element can contain the following subelements:
Table 3-54 List of {{ssl-session-cache}} Subelements
||Element ||Occurrences ||Description ||
|{{enabled}} |0 or 1 |Determines whether the server caches SSL/TLS sessions. The default value is {{true}}. |
|{{max-entries}} |0 or 1 |The maximum number of SSL/TLS sessions the server will cache. The value can be from 1 to 524288. |
|{{max-ssl2-session-age}} |0 or 1 |The maximum amount of time to cache an SSL2 session. The value can be from 5 to 100. |
|{{max-ssl3-tls-session-age}} |0 or 1 |The maximum amount of time to cache an SSL3/TLS session. The value can be from 5 to 86400. |
h4. See Also
* [{{http-listener}}|F & H#h2]
* [{{pkcs11}}|P#p1]
* [#{{ssl}}]
* [#{{ssl2-ciphers}}]
* [#{{ssl3-tls-ciphers}}]
h3. {{stats}} {anchor:s13}
The {{stats}} element configures the statistics collection subsystem. This element may appear zero or one time within the {{server}} element. For more information, see [#{{server}}].
h4. Subelements
The {{stats}} element can contain the following subelements:
Table 3-55 List of {{stats}} Subelements
||Element ||Occurrences ||Description ||
|{{enabled}} |0 or 1 |Determines whether the server collects statistics. The default value is {{true}}. |
|{{interval}} |0 or 1 |Interval (in seconds) at which statistics are updated. The value can be from 0.001 to 3600. |
|{{profiling}} |0 or 1 |Determines whether the performance buckets, used to track NSAPI function execution time, are enabled at runtime. The default value is {{true}}. |
h4. See Also
[#{{snmp}}]