Specifying Cipher Suites for Use with SSL

Software AG Products 10.7 | Integrating On-Premises and Cloud Applications | Administering Integration Server | Configuring Integration Server for Secure Communications | Specifying Cipher Suites for Use with SSL

You control the cipher suites that can be used with inbound and outbound SSL requests using server configuration parameters provided by Integration Server.

The following table identifies the server configuration parameters that control cipher suite usage for inbound and outbound SSL connections.

Server Configuration Parameter	Description
watt.net.jsse.client.enabledCipherSuiteList	Specifies the cipher suites for outbound SSL connections when JSSE is enabled or used.
watt.net.jsse.server.enabledCipherSuiteList	Specifies the cipher suites used for inbound SSL connections when JSSE is enabled or used.
watt.net.jsse.server.useCipherSuitesOrder	When set to true, specifies that Integration Server honors the cipher suites order set in watt.net.jsse.server.enabledCipherSuiteList during the SSL/TLS handshake.
watt.net.ssl.client.cipherSuiteList	Specifies the cipher suites for outbound SSL connections when JSSE is not in use.
watt.net.ssl.server.cipherSuiteList	Specifies the cipher suites for inbound SSL connections when JSSE is not in use.

While the server configuration parameters for setting allowed cipher suites use a comma-separated list to identify the allowed cipher suites, you can also use a file as the value for any of the parameters. Using a file can make it easier to specify a long list of cipher suites.

Keep the following information in mind when using a file to specify the allowed cipher suites:

In the file, specify each cipher suite on a different line.

For each cipher suite server configuration property for which you want to specify a file instead of a list of cipher suites, specify the following as the value of the property:

file:directoryName\filename

For example: watt.net.jsse.server.enabledCipherSuiteList=file:c:\ssl\ciphers.txt

Integration Server loads the file and its list of supported cipher suites at start up. Changes to the contents of the file that are made after Integration Server starts will not take effect until the next time Integration Server starts.

You can set the value of a cipher suite server configuration parameter to a comma-separated list, default, or the absolute path to a file. You cannot specify a combination of these for a single parameter.

Note:
When the logging facility 0006 Server SSL Interface is set to the Trace logging level, Integration Server writes messages about the enabled cipher suites whenever an inbound or outbound port starts.