Supported Cipher Suites for Java Clients
Java clients support only the cipher suites listed in the following table. For convenience, the table lists both the Java name and the OpenSSL name for each cipher suite. For Java clients, restrictions apply to some of the newer cipher suites. Using these may require adjustments to some of the following: JVM version, JVM vendor, JCE unlimited strength jurisdiction policy files, the java.security properties file, and X509 certificate digital signature algorithms. For details, contact TIBCO Support.
| Java Name (OpenSSL Name) | Protocol Version | Key Exch | Auth | Encrypt | Key Size | MAC |
|---|---|---|---|---|---|---|
| SSL_RSA_WITH_RC4_128_SHA (RC4-SHA) | ||||||
| SSLv3 | RSA | RSA | RC4 | 128 | SHA1 | |
| SSL_RSA_WITH_3DES_EDE_CBC_SHA (DES-CBC3-SHA) | ||||||
| SSLv3 | RSA | RSA | 3DES | 168 | SHA1 | |
| SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA (EDH-RSA-DES-CBC3-SHA) | ||||||
| SSLv3 | DH | RSA | 3DES | 168 | SHA1 | |
| SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA (EDH-DSS-DES-CBC3-SHA) | ||||||
| SSLv3 | DH | DSS | 3DES | 168 | SHA1 | |
| TLS_RSA_WITH_AES_128_CBC_SHA (AES128-SHA) | ||||||
| SSLv3 | RSA | RSA | AES | 128 | SHA1 | |
| TLS_RSA_WITH_AES_256_CBC_SHA (AES256-SHA) | ||||||
| SSLv3 | RSA | RSA | AES | 256 | SHA1 | |
| TLS_DHE_DSS_WITH_AES_128_CBC_SHA (DHE-DSS-AES128-SHA) | ||||||
| SSLv3 | DH | DSS | AES | 128 | SHA1 | |
| TLS_DHE_DSS_WITH_AES_256_CBC_SHA (DHE-DSS-AES256-SHA) | ||||||
| SSLv3 | DH | DSS | AES | 256 | SHA1 | |
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (DHE-RSA-AES128-SHA) | ||||||
| SSLv3 | DH | RSA | AES | 128 | SHA1 | |
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA (DHE-RSA-AES256-SHA) | ||||||
| SSLv3 | DH | RSA | AES | 256 | SHA1 | |
| TLS_RSA_WITH_AES_128_CBC_SHA256 (AES128-SHA256) | ||||||
| TLSv1.2 | RSA | RSA | AES | 128 | SHA256 | |
| TLS_RSA_WITH_AES_256_CBC_SHA256 (AES256-SHA256) | ||||||
| TLSv1.2 | RSA | RSA | AES | 256 | SHA256 | |
| TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (DHE-DSS-AES128-SHA256) | ||||||
| TLSv1.2 | DH | DSS | AES | 128 | SHA256 | |
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (DHE-RSA-AES128-SHA256) | ||||||
| TLSv1.2 | DH | RSA | AES | 128 | SHA256 | |
| TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (DHE-DSS-AES256-SHA256) | ||||||
| TLSv1.2 | DH | DSS | AES | 256 | SHA256 | |
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (DHE-RSA-AES256-SHA256) | ||||||
| TLSv1.2 | DH | RSA | AES | 256 | SHA256 | |
| TLS_RSA_WITH_AES_128_GCM_SHA256 (AES128-GCM-SHA256) | ||||||
| TLSv1.2 | RSA | RSA | AESGCM | 128 | AEAD | |
| TLS_RSA_WITH_AES_256_GCM_SHA384 (AES256-GCM-SHA384) | ||||||
| TLSv1.2 | RSA | RSA | AESGCM | 256 | AEAD | |
| TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (DHE-RSA-AES128-GCM-SHA256) | ||||||
| TLSv1.2 | DH | RSA | AESGCM | 128 | AEAD | |
| TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (DHE-RSA-AES256-GCM-SHA384) | ||||||
| TLSv1.2 | DH | RSA | AESGCM | 256 | AEAD | |
| TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (DHE-DSS-AES128-GCM-SHA256) | ||||||
| TLSv1.2 | DH | DSS | AESGCM | 128 | AEAD | |
| TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 (DHE-DSS-AES256-GCM-SHA384) | ||||||
| TLSv1.2 | DH | DSS | AESGCM | 256 | AEAD | |
| TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (ECDHE-ECDSA-RC4-SHA) | ||||||
| SSLv3 | ECDH | ECDSA | RC4 | 128 | SHA1 | |
| TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (ECDHE-ECDSA-DES-CBC3-SHA) | ||||||
| SSLv3 | ECDH | ECDSA | 3DES | 168 | SHA1 | |
| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (ECDHE-ECDSA-AES128-SHA) | ||||||
| SSLv3 | ECDH | ECDSA | AES | 128 | SHA1 | |
| TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (ECDHE-ECDSA-AES256-SHA) | ||||||
| SSLv3 | ECDH | ECDSA | AES | 256 | SHA1 | |
| TLS_ECDHE_RSA_WITH_RC4_128_SHA (ECDHE-RSA-RC4-SHA) | ||||||
| SSLv3 | ECDH | RSA | RC4 | 128 | SHA1 | |
| TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (ECDHE-RSA-DES-CBC3-SHA) | ||||||
| SSLv3 | ECDH | RSA | 3DES | 168 | SHA1 | |
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ECDHE-RSA-AES128-SHA) | ||||||
| SSLv3 | ECDH | RSA | AES | 128 | SHA1 | |
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (ECDHE-RSA-AES256-SHA) | ||||||
| SSLv3 | ECDH | RSA | AES | 256 | SHA1 | |
| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (ECDHE-ECDSA-AES128-SHA256) | ||||||
| TLSv1.2 | ECDH | ECDSA | AES | 128 | SHA256 | |
| TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (ECDHE-ECDSA-AES256-SHA384) | ||||||
| TLSv1.2 | ECDH | ECDSA | AES | 256 | SHA384 | |
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (ECDHE-RSA-AES128-SHA256) | ||||||
| TLSv1.2 | ECDH | RSA | AES | 128 | SHA256 | |
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (ECDHE-RSA-AES256-SHA384) | ||||||
| TLSv1.2 | ECDH | RSA | AES | 256 | SHA384 | |
| TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (ECDHE-ECDSA-AES128-GCM-SHA256) | ||||||
| TLSv1.2 | ECDH | ECDSA | AESGCM | 128 | AEAD | |
| TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (ECDHE-ECDSA-AES256-GCM-SHA384) | ||||||
| TLSv1.2 | ECDH | ECDSA | AESGCM | 256 | AEAD | |
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (ECDHE-RSA-AES128-GCM-SHA256) | ||||||
| TLSv1.2 | ECDH | RSA | AESGCM | 128 | AEAD | |
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (ECDHE-RSA-AES256-GCM-SHA384) | ||||||
| TLSv1.2 | ECDH | RSA | AESGCM | 256 | AEAD | |
Note: Some updates of Java may deactivate compromised cipher suites. If absolutely required, check the Java documentation to reactivate them.
Note: Enterprise Message Service does not support these cipher suites:
- SSL_RSA_WITH_RC4_128_MD5
- SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
- SSL_RSA_EXPORT_WITH_RC4_40_MD5
- SSL_RSA_EXPORT_WITH_DES_40_CBC_SHA
- SSL_DHE_RSA_EXPORT_WITH_DES_40_CBC_SHA
- SSL_DHE_DSS_EXPORT_WITH_DES_40_CBC_SHA
- SSL_RSA_WITH_NULL_MD5
- SSL_RSA_WITH_NULL_SHA
- SSL_RSA_WITH_DES_CBC_SHA
- SSL_DHE_DSS_WITH_DES_CBC_SHA
- SSL_DHE_RSA_WITH_DES_CBC_SHA
Although they are not supported, they are included in the interface definition only to allow old programs to compile correctly. Use the SSL authentication only feature in place of these cipher suites. See SSL Authentication Only below for more information.
Copyright © Cloud Software Group, Inc. All rights reserved.