CA Embedded Entitlements Manager: Available ciphers for the new cipherlist tag

Document ID : KB000046312
Last Modified Date : 14/02/2018

Question:

Where is the secure protocol defined for EEM, and how can we control the ciphers that are used for these secure connections?

Answer: 

The protocol and ciphers are controlled in the igateway.conf file located here:
%IGW_LOC%  or  $IGW_LOC

To set the TLS protocol, search in the file for secureProtocol and modify that line as follows:

<secureProtocol>TLSV1_1</secureProtocol>

or

<secureProtocol>TLSV1_2</secureProtocol>

Next, search the file for cipherlist and set the value inside that tag:

<cipherlist></cipherlist>

For example, you might set the value to -ALL:HIGH:MEDIUM:!RC4 so that the line looks like this:

<cipherlist>-ALL:HIGH:MEDIUM:!RC4</cipherlist>

The ciphers supported by EEM are:

DHE-RSA-AES256-SHA
DHE-DSS-AES256-SHA
AES256-SHA
EDH-RSA-DES-CBC3-SHA
EDH-DSS-DES-CBC3-SHA
DES-CBC3-SHA
DHE-RSA-AES128-SHA
DHE-DSS-AES128-SHA
AES128-SHA
RC4-SHA
RC4-MD5  

Changes to the igateway.conf file require a restart of igateway. 
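
The following Python example is added here and is not part of the CA article or the EEM product. It reads the two tags from a constructed igateway.conf fragment and evaluates the cipherlist over the 11 ciphers listed above, showing that the example string removes both RC4 suites but leaves the three 3DES suites enabled. The strength tags, the function names and the restriction to plain, - and ! items are assumptions of this example.

```python
import re

# The 11 ciphers the article lists, in its order. The tags are this example's
# assumption, following the OpenSSL 1.0.2 ciphers page the article links
# (3DES is treated as HIGH here; the string below selects it either way).
SUPPORTED = {
    "DHE-RSA-AES256-SHA":   {"HIGH", "AES", "AES256"},
    "DHE-DSS-AES256-SHA":   {"HIGH", "AES", "AES256"},
    "AES256-SHA":           {"HIGH", "AES", "AES256"},
    "EDH-RSA-DES-CBC3-SHA": {"HIGH", "3DES"},
    "EDH-DSS-DES-CBC3-SHA": {"HIGH", "3DES"},
    "DES-CBC3-SHA":         {"HIGH", "3DES"},
    "DHE-RSA-AES128-SHA":   {"HIGH", "AES", "AES128"},
    "DHE-DSS-AES128-SHA":   {"HIGH", "AES", "AES128"},
    "AES128-SHA":           {"HIGH", "AES", "AES128"},
    "RC4-SHA":              {"MEDIUM", "RC4"},
    "RC4-MD5":              {"MEDIUM", "RC4"},
}

# Constructed fragment: only the two tags the article names.
SAMPLE_CONF = """<secureProtocol>TLSV1_2</secureProtocol>
<cipherlist>-ALL:HIGH:MEDIUM:!RC4</cipherlist>"""

def expand(cipherlist):
    """Evaluate a cipher string over SUPPORTED. Handles plain, '-' and '!' items only."""
    active, killed = [], set()
    for item in filter(None, re.split(r"[:, ]+", cipherlist.strip())):
        op, token = (item[0], item[1:]) if item[0] in ("!", "-") else ("", item)
        hit = [c for c, tags in SUPPORTED.items() if token in tags | {"ALL", c}]
        if op:                       # '-' removes; '!' removes and bars re-adding
            if op == "!":
                killed.update(hit)
            active = [c for c in active if c not in hit]
        else:                        # plain item appends ciphers not yet listed
            active += [c for c in hit if c not in active and c not in killed]
    return active

def audit(conf_text):
    """Report the protocol, the resulting ciphers, and any RC4/3DES still enabled."""
    def tag(name):
        m = re.search(rf"<{name}>\s*(.*?)\s*</{name}>", conf_text, re.S)
        return m.group(1) if m else None
    enabled = expand(tag("cipherlist") or "")
    tagged = lambda t: [c for c in enabled if t in SUPPORTED[c]]
    return {"protocol": tag("secureProtocol"), "enabled": enabled,
            "rc4": tagged("RC4"), "3des": tagged("3DES")}

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

Changing the sample value to HIGH:!3DES leaves only the six AES suites in the result.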

Additional Information:

These settings are only valid for EEM version 12.5.1 CR04 and later.
See https://www.openssl.org/docs/man1.0.2/apps/ciphers.html (OpenSSL version 1.0.2) for the cipher string format and additional information on ciphers.