Java Client Syntax
The syntax for specifying the list of cipher suites is different for Java clients than for any other location where cipher suites can be specified. For Java clients, you specify a qualifier (for example, + to add the suite) followed by the cipher suite name. Cipher suite names are case-sensitive. The following table describes the qualifiers you can use when specifying cipher suite names in a ConnectionFactory for Java clients.
| Qualifier | Description |
|---|---|
| + | Add the cipher to the list of ciphers. |
| - | Remove the cipher from the list of ciphers. |
| > | Move the cipher to the end of the list. |
| < | Move the cipher to the beginning of the list. |
| ALL | All ciphers from the list (except null ciphers). You can use this keyword to add or remove all ciphers.
At least one cipher suite must be present, otherwise the TLS connection fails to initialize. So, if you use -ALL, you must subsequently add the desired ciphers to the list. |
This example specifies cipher suites in the ssl_ciphers connection factory parameter in a Java client:
-ALL:+ECDHE-RSA-AES256-GCM-SHA384:<ECDHE-RSA-AES128-GCM-SHA256
This example specifies cipher suites using Java names:
-ALL:+TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:+TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
<SSL_RSA_WITH_3DES_EDE_CBC_SHA