Question & Answer
Question
How can I enable Elliptic Curve Cryptography (ECC) ciphers in WebSphere Application Server 8.5?
I cannot see or select the ECDHE ciphers from the Admin Console, under Security > SSL certificate and key management > SSL configurations > "your SSL configuration" > Quality of protection (QoP) settings.
Cause
The peer will close the connection if it finds a cipher that it does not understand, so EC ciphers were removed (at that time) from WAS.
Answer
When the com.ibm.websphere.ssl.include.ECCiphers property is not set or is set to false, the application server does not include ECC ciphers. Set the property to true to include ECC ciphers in the list of default cipher suites. If SP800-131a or Suite B is enabled, then ECC ciphers are always included.
To enable them, set the following property as described in the steps below.
com.ibm.websphere.ssl.include.ECCiphers = true
Example steps
Deployment Manager
1. In the Administration Console, select System Administration.
2. Select Deployment Manager in the Server Infrastructure section.
3. Expand Java and Process Management and select Process Definition.
4. Under the Additional Properties section, click Java Virtual Machine.
5. Scroll down and locate the textbox for Generic JVM arguments.
6. Click on custom properties.
7. Click new. name: com.ibm.websphere.ssl.include.ECCiphers value: true
8. Click ok and save, then restart the DMGR.
If running a Network Deployment installation, please also enable it for the nodeagent and application server under Generic JVM arguments.
IBM Setting generic JVM arguments in WebSphere Application Server - United States http://www-01.ibm.com/support/docview.wss
For details of the com.ibm.websphere.ssl.include.ECCiphers property, check the following Knowledge Center link:
Security custom properties:
If you want to add EC ciphers, then you must customize the cipher list under CellDefaultSSLSettings or NodeDefaultSSLSettings, depending on your environment setup. Please see the YouTube video below.
Another solution: IBM recommends upgrading to the latest WAS fix pack, 8.5.5.16, in which ECC ciphers are enabled by default. Note: you do not need to perform the steps above if you upgrade your environment to the latest fix pack 8.5.5.16. https://www.ibm.com/support/pages/latest-fix-packs-websphere-application-server
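To confirm the result after the restart or the fix pack upgrade, connect with a client that offers only ECDHE suites: the handshake completes only if the server now includes them. The Python probe below is an added example, not IBM code; the function names are illustrative, and the host and port are whichever SSL endpoint you are checking.

```python
import socket
import ssl
import sys


def is_ecc_suite(name):
    """True for ECDHE/ECDH suites in IANA (TLS_), IBM JSSE (SSL_) or OpenSSL naming."""
    parts = name.upper().replace("-", "_").split("_")
    return "ECDHE" in parts or "ECDH" in parts


def probe_ecdhe(host, port, timeout=5.0):
    """Offer only ECDHE suites over TLS 1.2; return the negotiated suite or None.

    None means the TCP connect or the TLS handshake failed, which is what a
    server without ECC ciphers produces when the client offers nothing else.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # This probe checks cipher support only, not server identity, so
    # certificate validation is switched off. Do not reuse it for real traffic.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    # TLS 1.3 suites are not controlled by set_ciphers(), so cap at TLS 1.2.
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE")  # OpenSSL cipher string: ECDHE key exchange only
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.cipher()[0]
    except OSError:  # covers refused connections, timeouts and ssl.SSLError
        return None


if __name__ == "__main__":
    # Usage: python probe_ecdhe.py <host> <ssl-port>
    suite = probe_ecdhe(sys.argv[1], int(sys.argv[2]))
    if suite and is_ecc_suite(suite):
        print("ECDHE negotiated:", suite)
    else:
        print("No ECDHE suite negotiated; check the property and the QoP cipher list")
        sys.exit(1)
```

Run it against the deployment manager, node agent and application server SSL ports separately, since the property is set per JVM.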
Document Information
Modified date:
28 October 2019
UID
ibm11098909