![]() |
Copyright © TIBCO Software Inc. All Rights Reserved |
On the EMS server, specify cipher suites using the ssl_server_ciphers configuration parameter in tibemsd.conf. For more information about server configuration files, see Chapter 7, Using the Configuration Files.For clients connecting with a connection factory, specify cipher suites using the ssl_ciphers connection factory parameter. For more information, see Configuring SSL in EMS Clients.When specifying cipher suites, the usual way to specify more than one cipher suite is to separate each suite name with a colon (:) character. Alternatively, you can use spaces and commas to separate names.The syntax for specifying the list of cipher suites is different for Java clients than for any other location where cipher suites can be specified. For Java clients, you specify a qualifier (for example, + to add the suite) followed by the cipher suite name. Cipher suite names are case-sensitive. Table 85 describes the qualifiers you can use when specifying cipher suite names in a ConnectionFactory for Java clients.
At least one cipher suite must be present, otherwise the SSL connection fails to initialize. So, if you use -ALL, you must subsequently add the desired ciphers to the list.This example specifies cipher suites in the ssl_ciphers connection factory parameter in a Java client:For any cipher suite list that is not specified in a connection factory of a Java client, use the OpenSSL syntax. In particular, C clients and the ssl_server_ciphers configuration parameter require OpenSSL syntax.In OpenSSL syntax, specifying a cipher suite name adds that cipher suite to the list. Each cipher suite name can be preceded by a qualifier. Cipher suite names are case-sensitive. Table 86 describes the qualifiers available using OpenSSL syntax.
Table 86 OpenSSL Qualifiers for Cipher Suites If the / does not prefix the cipher list, then EMS prefixes the cipher list with the OpenSSL cipher string DEFAULT. At least one cipher suite must be present or the SSL connection fails to initialize. So, after using -ALL, you should add at least one cipher to the list.This example specifies cipher suites in the ssl_server_ciphers configuration parameter.The EMS server and C client library use DEFAULT as their default cipher list. For details on the cipher suites corresponding to DEFAULT for a given version of OpenSSL, please refer to the OpenSSL documentation.The EMS server and C client library support a subset of the cipher suites that OpenSSL supports. For a complete list, see the output of the help ciphers command in the administration tool.Java clients support only the cipher suites listed in Table 87. For convenience, the table lists both the Java name and the OpenSSL name for each cipher suite. For Java clients, restrictions apply to some of the newer cipher suites. Using these may require adjustments to some of the following: JVM version, JVM vendor, JCE unlimited strength jurisdiction policy files, the java.security properties file, and X509 certificate digital signature algorithms. For details, contact TIBCO Support.
Table 87 Supported Cipher Suites in Java API
Supported Cipher Suites for .NET Clients
![]() |
Copyright © TIBCO Software Inc. All Rights Reserved |