Supported Cipher Suites for Java Clients

Java clients support only the cipher suites listed in the following table. For convenience, the table lists both the Java name and the OpenSSL name for each cipher suite. For Java clients, restrictions apply to some of the newer cipher suites. Using these may require adjustments to some of the following: JVM version, JVM vendor, JCE unlimited strength jurisdiction policy files, the java.security properties file, and X509 certificate digital signature algorithms. For details, contact TIBCO Support.

Java Name
(OpenSSL Name) Protocol Version Key Exch Auth Encrypt Key Size MAC
SSL_RSA_WITH_RC4_128_SHA
(RC4-SHA)
  SSLv3 RSA RSA RC4 128 SHA1
SSL_RSA_WITH_3DES_EDE_CBC_SHA
(DES-CBC3-SHA)
  SSLv3 RSA RSA 3DES 168 SHA1
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
(EDH-RSA-DES-CBC3-SHA)
  SSLv3 DH RSA 3DES 168 SHA1
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
(EDH-DSS-DES-CBC3-SHA)
  SSLv3 DH DSS 3DES 168 SHA1
TLS_RSA_WITH_AES_128_CBC_SHA
(AES128-SHA)
  SSLv3 RSA RSA AES 128 SHA1
TLS_RSA_WITH_AES_256_CBC_SHA
(AES256-SHA)
  SSLv3 RSA RSA AES 256 SHA1
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
(DHE-DSS-AES128-SHA)
  SSLv3 DH DSS AES 128 SHA1
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
(DHE-DSS-AES256-SHA)
  SSLv3 DH DSS AES 256 SHA1
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
(DHE-RSA-AES128-SHA)
  SSLv3 DH RSA AES 128 SHA1
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
(DHE-RSA-AES256-SHA)
  SSLv3 DH RSA AES 256 SHA1
TLS_RSA_WITH_AES_128_CBC_SHA256
(AES128-SHA256)
  TLSv1.2 RSA RSA AES 128 SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
(AES256-SHA256)
  TLSv1.2 RSA RSA AES 256 SHA256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
(DHE-DSS-AES128-SHA256)
  TLSv1.2 DH DSS AES 128 SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
(DHE-RSA-AES128-SHA256)
  TLSv1.2 DH RSA AES 128 SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
(DHE-DSS-AES256-SHA256)
  TLSv1.2 DH DSS AES 256 SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
(DHE-RSA-AES256-SHA256)
  TLSv1.2 DH RSA AES 256 SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
(AES128-GCM-SHA256)
  TLSv1.2 RSA RSA AESGCM 128 AEAD
TLS_RSA_WITH_AES_256_GCM_SHA384
(AES256-GCM-SHA384)
  TLSv1.2 RSA RSA AESGCM 256 AEAD
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
(DHE-RSA-AES128-GCM-SHA256)
  TLSv1.2 DH RSA AESGCM 128 AEAD
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
(DHE-RSA-AES256-GCM-SHA384)
  TLSv1.2 DH RSA AESGCM 256 AEAD
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
(DHE-DSS-AES128-GCM-SHA256)
  TLSv1.2 DH DSS AESGCM 128 AEAD
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
(DHE-DSS-AES256-GCM-SHA384)
  TLSv1.2 DH DSS AESGCM 256 AEAD
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
(ECDHE-ECDSA-RC4-SHA)
  SSLv3 ECDH ECDSA RC4 128 SHA1
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
(ECDHE-ECDSA-DES-CBC3-SHA)
  SSLv3 ECDH ECDSA 3DES 168 SHA1
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
(ECDHE-ECDSA-AES128-SHA)
  SSLv3 ECDH ECDSA AES 128 SHA1
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
(ECDHE-ECDSA-AES256-SHA)
  SSLv3 ECDH ECDSA AES 256 SHA1
TLS_ECDHE_RSA_WITH_RC4_128_SHA
(ECDHE-RSA-RC4-SHA)
  SSLv3 ECDH RSA RC4 128 SHA1
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
(ECDHE-RSA-DES-CBC3-SHA)
  SSLv3 ECDH RSA 3DES 168 SHA1
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
(ECDHE-RSA-AES128-SHA)
  SSLv3 ECDH RSA AES 128 SHA1
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
(ECDHE-RSA-AES256-SHA)
  SSLv3 ECDH RSA AES 256 SHA1
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
(ECDHE-ECDSA-AES128-SHA256)
  TLSv1.2 ECDH ECDSA AES 128 SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
(ECDHE-ECDSA-AES256-SHA384)
  TLSv1.2 ECDH ECDSA AES 256 SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
(ECDHE-RSA-AES128-SHA256)
  TLSv1.2 ECDH RSA AES 128 SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
(ECDHE-RSA-AES256-SHA384)
  TLSv1.2 ECDH RSA AES 256 SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
(ECDHE-ECDSA-AES128-GCM-SHA256)
  TLSv1.2 ECDH ECDSA AESGCM 128 AEAD
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
(ECDHE-ECDSA-AES256-GCM-SHA384)
  TLSv1.2 ECDH ECDSA AESGCM 256 AEAD
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
(ECDHE-RSA-AES128-GCM-SHA256)
  TLSv1.2 ECDH RSA AESGCM 128 AEAD
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(ECDHE-RSA-AES256-GCM-SHA384)
  TLSv1.2 ECDH RSA AESGCM 256 AEAD
Note: Some updates of Java may deactivate compromised cipher suites. If absolutely required, check the Java documentation to reactivate them.
Note: Enterprise Message Service does not support these cipher suites:
  • SSL_RSA_WITH_RC4_128_MD5
  • SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
  • SSL_RSA_EXPORT_WITH_RC4_40_MD5
  • SSL_RSA_EXPORT_WITH_DES_40_CBC_SHA
  • SSL_DHE_RSA_EXPORT_WITH_DES_40_CBC_SHA
  • SSL_DHE_DSS_EXPORT_WITH_DES_40_CBC_SHA
  • SSL_RSA_WITH_NULL_MD5
  • SSL_RSA_WITH_NULL_SHA
  • SSL_RSA_WITH_DES_CBC_SHA
  • SSL_DHE_DSS_WITH_DES_CBC_SHA
  • SSL_DHE_RSA_WITH_DES_CBC_SHA

Although they are not supported, they are included in the interface definition only to allow old programs to compile correctly. Use the SSL authentication only feature in place of these cipher suites. See SSL Authentication Only below for more information.