Security Properties
The following properties control the behavior of Secure Sockets Layer (SSL) and other security settings. Some protocols such can use SSL to ensure secure communication. Properties in this section apply to resources that use SSL.
bw.plugin.security.strongcipher.minstrength
The bw.plugin.security.strongcipher.minstrength
property specifies the cipher suites that you want to exclude when the Strong Cipher Suites Only checkbox is checked in an SSL configuration. This property allows you to choose the types of cipher suites you want to disable. Equivalent key strength is considered for example ciphers like 3DES using 168 bits would be equivalent to an equivalent key length of 112 bits. The default value of this property is DISABLED_CIPHERS_BELOW_128_BIT. This property is also only applicable for resources that have the Strong Cipher Suites Only field checked.
The following are the valid values for this property:
Property Value |
Description |
|
Cipher suites that are suitable for export out of the United States are disabled. This list of exportable cipher suites is controlled by the US government. This usually refers to asymmetric algorithms (such as RSA) with a key of modulus lower than 512 bits or symmetric algorithms (such as DES) of key length 40 or lower. Typically exportable cipher suites contain _EXPORT_ in the suite name, but this is not always the case. |
|
Cipher suites whose key length (or equivalent) is below 128 bits are disabled. |
|
Cipher suites whose key length (or equivalent) is 128 bits or less are disabled. |
|
Cipher suites whose key length (or equivalent) is below 256 bits are disabled. |
By default, the jurisdiction policy files shipped with ActiveMatrix BusinessWorks are not unlimited strength. When you disable lower strength cipher suites, you may receive an error suggesting that you should upgrade your policy files. To download and install unlimited strength policy files, perform these steps:
Procedure
1. | Download the required files from the following website: |
For all platforms except IBM: http://java.sun.com/javase/downloads/index.jsp
For IBM platforms: https://www14.software.ibm.com/webapp/iwm/web/reg/pick.do?source=jcesdk&lang=en_US
2. | Unzip jce_policy-1_7_0.zip . |
3. | Copy US_export_policy.jar and local_policy.jar to: TIBCO_home \jre\1.7.0\lib\security . |