Specifying Cipher Suites for Use with SSL
Integration Server provides server configuration parameters that you can use to specify the cipher suites that can be used with inbound and outbound SSL requests.
Server Configuration Parameter | Description |
watt.net.jsse.client.enabledCipherSuiteList | Specifies the cipher suites used on JSSE sockets that are used while making outbound HTTPS or FTPS requests. |
watt.net.jsse.server.enabledCipherSuiteList | Specifies the cipher suites used on Integration Server ports that use JSSE and handle inbound requests. |
watt.net.ssl.client.cipherSuiteList | Specifies the cipher suites for outbound SSL connections. |
watt.net.ssl.server.cipherSuiteList | Specifies the cipher suites for inbound SSL connections. |
While the above parameters use a comma-separated list to identify the allowed cipher suites, you can also use a file as the value for any of the parameters. Using a file can make it easier to specify a long list of cipher suites.
Keep the following information in mind when using a file to specify the allowed cipher suites:
In the file, specify each cipher suite on a different line.
For each cipher suite server configuration property for which you want to specify a file instead of a list of cipher suites, specify the following as the value of the property:
file:directoryName\filename
For example: watt.net.jsse.server.enabledCipherSuiteList=file:c:\ssl\ciphers.txt
Integration Server loads the file and its list of supported cipher suites at start up. Changes to the contents of the file that are made after
Integration Server starts will not take effect until the next time
Integration Server starts.
You can set the value of a cipher suite server configuration parameter to a comma-separated list, default, or the absolute path to a file. You cannot specify a combination of these for a single parameter.