Enabling cipher suites
You can enable a list of cipher suites that are used during the secure information exchange between the IBM® Control Center engine and the console or the web start console.
Before you begin
- Ensure that the secure connection between the IBM Control Center engine and the console works.
- Ensure that the cipher suites that you add in the engine.properties file are supported by the console JRE. For more information, see the Sun JSSE Provider on the Oracle website.
- Ensure that the cipher suites that you add in the engine.properties file are supported by the engine IBM JRE.
- If stronger algorithms are needed (for example, AES with 256-bit keys), obtain the JCE Unlimited
Strength Jurisdiction Policy Files and install the files in the JDK/JRE. Important: Verify that this action is permissible under local regulations. For more information, see Import Limits on Cryptographic Algorithms on the Oracle website.
- Log in to the IBM marketing site and download the unrestricted IBM JCE policy files, if necessary.
- Copy the local_policy.jar file and the US_export_policy.jar file from the JCE file that you downloaded in to the installation directory/jre/lib/security.
- Ensure that the cipher suites that you add in the engine.properties file are negotiable cipher suites with the IBM Control Center engine. Otherwise, the connection might fail with the following message: handshake_failure, no cipher suites in common.
- Ensure that the key authentication algorithm in the cipher suites that you add in the engine.properties file is matches the key algorithm in your keystore. Otherwise, the connection might fail with the following message: handshake_failure, no cipher suites in common.
About this task
The engine.properties file in installation
directory/conf contains properties that are used to specify the cipher suites
that are used by IBM Control
Center. Edit the
https.cipherSuites key in the file to specify the cipher suites that are enabled.
The engine.properties file contains an example of a commented
https.cipherSuites key that you can uncomment and modify for your use. The
following example provides a sample engine.properties file that shows the
https.cipherSuites key
section:
...
########## The https.cipherSuites property in this section is used for configurable cipher suites #############
# Example:
# https.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_RC4_128_MD5
...