CA XCOM Data Encryption - How to specify a cipher

Document ID : KB000009490
Last Modified Date : 14/02/2018
Introduction:

Understanding and using ciphers for encryption with CA XCOM Data Transport.

 

Instructions:

  1. XCOM provides users with a list of ciphers. To display it, issue the command "OPENSSL CIPHERS" from your XCOM directory. 

    For example, if the first line of the command output shows DHE-RSA-AES256-SHA, the third field is the cipher that is used for data encryption (in this example, AES256). 

  2. Understanding the CIPHER section in our configssl.cnf:
    1. In the XCOM configssl.cnf file there are the following statements: 

      [CIPHER] 
      INITIATE_SIDE = ALL:!ADH:!LOW:!EXP:MD5:@STRENGTH 
      RECEIVE_SIDE = ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH 

      Meaning of values: 

      ALL = use all ciphers provided 
      !ADH:!LOW:!EXP = do not use these ciphers. (The '!' is equivalent to a NOT.) 
      MD5 = use this cipher 
      @STRENGTH = use the strongest cipher of all the ciphers not excluded 

  3. A user may choose a cipher by editing the CIPHER section in configssl.cnf in one of the following ways: 

    1. Specifying a specific cipher as the value, e.g.: INITIATE_SIDE=3DES 

    2. Not specifying a specific cipher as the value, e.g.:

      INITIATE_SIDE=ALL:!ADH:!LOW:!EXP:!RSA:@STRENGTH
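
An added example (not CA's code and not part of XCOM): a small Python check that reads a [CIPHER] section in the layout shown above and reports keywords that a cipher string names without '!', plus exclusions that are missing after ALL. The WEAK and BASELINE sets and all function names are assumptions made for this example; token splitting follows the OpenSSL cipher-string separators (colon, comma, space).

```python
import re

# Constructed sample: only the two [CIPHER] lines quoted in this article.
SAMPLE = """\
[CIPHER]
INITIATE_SIDE = ALL:!ADH:!LOW:!EXP:MD5:@STRENGTH
RECEIVE_SIDE = ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
"""

# Assumed policy for this example: keywords that should appear only with "!".
WEAK = {"ADH", "aNULL", "eNULL", "NULL", "LOW", "EXP", "EXPORT",
        "MD5", "RC4", "DES", "3DES"}
# Exclusions the article's RECEIVE_SIDE line applies after ALL.
BASELINE = {"ADH", "LOW", "EXP", "MD5"}


def cipher_section(text):
    """Return {key: value} for the lines under the [CIPHER] header."""
    section, out = None, {}
    for line in text.splitlines():
        line = line.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().upper()
        elif section == "CIPHER" and "=" in line:
            key, value = line.split("=", 1)
            out[key.strip()] = value.strip()
    return out


def audit(value):
    """Check one OpenSSL-style cipher string against the assumed policy."""
    tokens = [t for t in re.split(r"[:, ]+", value) if t]  # OpenSSL separators
    banned = {t[1:] for t in tokens if t.startswith("!")}
    named = set()
    for tok in tokens:
        if tok[0] not in "!-+@":  # skip exclusions, reordering, @STRENGTH
            named.update(tok.split("+"))  # "A+B" means A AND B
    return {
        "weak_named": sorted((named & WEAK) - banned),
        "not_banned": sorted(BASELINE - banned) if "ALL" in named else [],
    }


def audit_config(text):
    """Audit every side defined in the [CIPHER] section."""
    return {side: audit(v) for side, v in cipher_section(text).items()}


if __name__ == "__main__":
    for side, result in audit_config(SAMPLE).items():
        print(side, result)
```

Run against the two lines from step 2, the check reports MD5 for INITIATE_SIDE and nothing for RECEIVE_SIDE, which makes the difference between the two sides easy to spot during a configuration review.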
Additional Information: