OpenSSL Cryptography

Cipher strings indicate what kind of cryptographic algorithm is used. Common cipher strings to use with webMethods Broker are as follows:

Cipher String	Description
HIGH:eNULL:@STRENGTH (default)	Uses algorithms with key lengths larger than 128 bits, some cipher suites with 128-bit keys, and plain text; algorithms are then sorted by strength and the strongest is used.
ALL	Uses all cipher suites, but does not allow unencrypted data.
ALL:eNULL:!EXP	Uses all cipher suites except export ciphers (that is, uses stronger encryption).

Note:
The complete list of OpenSSL cipher strings is available on http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS.

Only advanced users should change the cipher suites for SSL authentication from the default settings to ensure authentication is not incorrectly configured.

If you select a cipher suite that is not supported, you will get error during the following operations:

Setting a cipher suite that OpenSSL does not support.

Performing SSL handshake when the cipher suite is not supported because of another run-time setting. For example, if the protocol is limited to TSLv1.1, some of the ciphers are restricted even though the OpenSSL library supports it.

If you change the cipher suite, Software AG recommends you to test the connectivity of the clients that are using SSL to connect to Broker.