Specifying Cipher Suites for Use with SSL
You control the cipher suites that can be used with inbound and outbound SSL requests using server configuration parameters provided by Integration Server.
The following table identifies the server configuration parameters that control cipher suite usage for inbound and outbound SSL connections.
| Server Configuration Parameter | Description |
| --- | --- |
| watt.net.jsse.client.enabledCipherSuiteList | Specifies the cipher suites for outbound SSL connections when JSSE is enabled or used. |
| watt.net.jsse.server.enabledCipherSuiteList | Specifies the cipher suites used for inbound SSL connections when JSSE is enabled or used. |
| watt.net.jsse.server.useCipherSuitesOrder | When set to true, specifies that Integration Server honors the cipher suites order set in watt.net.jsse.server.enabledCipherSuiteList during the SSL/TLS handshake. |
| watt.net.ssl.client.cipherSuiteList | Specifies the cipher suites for outbound SSL connections when JSSE is not in use. |
| watt.net.ssl.server.cipherSuiteList | Specifies the cipher suites for inbound SSL connections when JSSE is not in use. |
While the server configuration parameters for setting allowed cipher suites use a comma-separated list to identify the allowed cipher suites, you can also use a file as the value for any of the parameters. Using a file can make it easier to specify a long list of cipher suites.
Keep the following information in mind when using a file to specify the allowed cipher suites:
In the file, specify each cipher suite on a different line.
For each cipher suite server configuration property for which you want to specify a file instead of a list of cipher suites, specify the following as the value of the property:
file:directoryName\filename
For example: watt.net.jsse.server.enabledCipherSuiteList=file:c:\ssl\ciphers.txt
Integration Server loads the file and its list of supported cipher suites at startup. Changes to the contents of the file that are made after Integration Server starts will not take effect until the next time Integration Server starts.
You can set the value of a cipher suite server configuration parameter to a comma-separated list, default, or the absolute path to a file. You cannot specify a combination of these for a single parameter.
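The rules above can be checked before a restart. The following is an added example, not part of the product documentation: it classifies each cipher suite parameter value as default, a list, or a file: reference, rejects combinations, reads a cipher file one suite per line, and flags suites whose names mark them as weak. The key=value input layout, the weak-name patterns, the handling of blank lines, and the sample data are assumptions of the example.

```python
import re

# The four list-valued parameters from the table above.
CIPHER_PARAMS = {
    "watt.net.jsse.client.enabledCipherSuiteList",
    "watt.net.jsse.server.enabledCipherSuiteList",
    "watt.net.ssl.client.cipherSuiteList",
    "watt.net.ssl.server.cipherSuiteList",
}
# Assumption of this example: suite-name fragments treated as weak.
WEAK = re.compile(r"_(NULL|EXPORT|RC4|DES|3DES|anon)_|_MD5$", re.IGNORECASE)

def parse_value(value, read_file):
    """Classify one value; return (kind, suites, problems)."""
    value = value.strip()
    if value == "default":
        return "default", [], []
    parts = [p.strip() for p in value.split(",") if p.strip()]
    if len(parts) > 1 and any(p == "default" or p.startswith("file:") for p in parts):
        return "mixed", [], ["combines a list with default or file:"]
    if value.startswith("file:"):
        # One suite per line; blank lines are skipped (assumption).
        suites = [l.strip() for l in read_file(value[5:]).splitlines() if l.strip()]
        problems = ["more than one suite on a line: " + s for s in suites if "," in s]
        return "file", suites, problems
    return "list", parts, []

def audit(properties_text, read_file):
    """Return (parameter, finding) pairs for the cipher suite parameters."""
    findings = []
    for line in properties_text.splitlines():
        key, sep, value = line.partition("=")
        key = key.strip()
        if not sep or key not in CIPHER_PARAMS:
            continue  # not a cipher suite list parameter
        _kind, suites, problems = parse_value(value, read_file)
        findings += [(key, p) for p in problems]
        findings += [(key, "weak suite: " + s) for s in suites if WEAK.search(s)]
    return findings

# Constructed sample input, not taken from a real server.
SAMPLE_FILES = {r"c:\ssl\ciphers.txt": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\n"
                "SSL_RSA_WITH_RC4_128_MD5\n\nTLS_DH_anon_WITH_AES_128_CBC_SHA\n"}
SAMPLE_PROPS = "\n".join([
    r"watt.net.jsse.server.enabledCipherSuiteList=file:c:\ssl\ciphers.txt",
    "watt.net.jsse.server.useCipherSuitesOrder=true",
    "watt.net.jsse.client.enabledCipherSuiteList=default,TLS_RSA_WITH_AES_128_CBC_SHA",
    "watt.net.ssl.client.cipherSuiteList=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,SSL_RSA_WITH_3DES_EDE_CBC_SHA",
])
```

Calling audit(SAMPLE_PROPS, SAMPLE_FILES.__getitem__) returns the findings for the sample; on a real system, pass a function that reads the referenced file from disk.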
Note:
When the logging facility 0006 Server SSL Interface is set to the Trace logging level, Integration Server writes messages about the enabled cipher suites whenever an inbound or outbound port starts.