Enabling cipher suites

You can enable a list of cipher suites that are used during the secure information exchange between the IBM® Control Center engine and the console or the web start console.

Before you begin

  • Ensure that the secure connection between the IBM Control Center engine and the console works.
  • Ensure that the cipher suites that you add in the engine.properties file are supported by the console JRE. For more information, see the Sun JSSE Provider on the Oracle website.
  • Ensure that the cipher suites that you add in the engine.properties file are supported by the engine IBM JRE.
  • If stronger algorithms are needed (for example, AES with 256-bit keys), obtain the JCE Unlimited Strength Jurisdiction Policy Files and install the files in the JDK/JRE.
    Important: Verify that this action is permissible under local regulations. For more information, see Import Limits on Cryptographic Algorithms on the Oracle website.
  • Log in to the IBM marketing site and download the unrestricted IBM JCE policy files, if necessary.
  • Copy the local_policy.jar file and the US_export_policy.jar file from the JCE file that you downloaded in to the installation directory/jre/lib/security.
  • Ensure that the cipher suites that you add in the engine.properties file are negotiable cipher suites with the IBM Control Center engine. Otherwise, the connection might fail with the following message: handshake_failure, no cipher suites in common.
  • Ensure that the key authentication algorithm in the cipher suites that you add in the engine.properties file is matches the key algorithm in your keystore. Otherwise, the connection might fail with the following message: handshake_failure, no cipher suites in common.

About this task

The engine.properties file in installation directory/conf contains properties that are used to specify the cipher suites that are used by IBM Control Center. Edit the https.cipherSuites key in the file to specify the cipher suites that are enabled. The engine.properties file contains an example of a commented https.cipherSuites key that you can uncomment and modify for your use. The following example provides a sample engine.properties file that shows the https.cipherSuites key section:
...
########## The https.cipherSuites property in this section is used for configurable cipher suites #############
# Example:
#   https.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_RC4_128_MD5
...

Procedure

  1. View the engine.properties file.
    Tip: On a Windows operating system, you can use a text editor to view and edit the engine.properties file.
  2. Edit the https.cipherSuites key to provide a comma-separated list of cipher suites.
  3. Restart the console or the web start console.
    Important: Be sure to empty the temporary files and cached application in the Java control panel.

What to do next

Use HTTPS connections between the IBM Control Center engine and the console or the web start console
Parent topic: Configure secure connections
Related reference:
engine.properties file properties