Create a new XCOM Windows TLS v1.2 connection

Document ID : KB000118839
Last Modified Date : 01/11/2018
Introduction:
How to create a new TLS v1.2 connection profile in XCOM for Windows to share files with a partner running TLS v1.2.
Instructions:
1) Be running CA XCOM for Windows 11.6 SP02.
2) Make sure you are using TLS v1.2 by specifying the following in the configssl.cnf file:

   [SSL_METHOD]
   INITIATE_SIDE = TLSV1.2
   RECEIVE_SIDE = TLSV1.2

3) Upgrade your ciphers in the configssl.cnf file. In the XCOM configssl.cnf file there are the following statements:

   [CIPHER]
   INITIATE_SIDE = ALL:!ADH:!LOW:!EXP:MD5:@STRENGTH
   RECEIVE_SIDE = ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH

   Meaning of values:
   ALL = use all ciphers provided
   !ADH:!LOW:!EXP = do not use these ciphers. (The '!' is equivalent to a NOT.)

   Please see the Cipher Suite Table for TLS v1.1 and TLS v1.2 in our online manual at
   https://docops.ca.com/ca-xcom-data-transport-for-windows/11-6-01/en/administrating/generate-ssl-certificates/cipher-suites-for-r11-6-sp01-sp02
   Scroll down to see the Cipher Suite Table for TLS v1.1 and TLS v1.2.
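
An added example, not part of the original KB article or of CA's tooling: a Python check that reads configssl.cnf text and reports where [SSL_METHOD] is not TLSV1.2 or where a [CIPHER] string lacks one of the negations (!ADH, !LOW, !EXP, !MD5) that appear in the RECEIVE_SIDE line above. The function names and the comment-line handling are assumptions; SAMPLE is constructed from the values shown in this article.

```python
# Added example: audit the two configssl.cnf sections this article edits.
# Assumption: "[SECTION]" headers and "KEY = VALUE" lines as shown in the article;
# treating lines that start with '#' or ';' as comments is a guess at the syntax.
REQUIRED_METHOD = "TLSV1.2"
EXCLUDED = ("ADH", "LOW", "EXP", "MD5")  # classes negated in the article's RECEIVE_SIDE
SIDES = ("INITIATE_SIDE", "RECEIVE_SIDE")

def parse_sections(text):
    """Return {SECTION: {KEY: value}} for the simple layout described above."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().upper(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip().upper()] = value.strip()
    return sections

def audit(text):
    """Return a list of findings; an empty list means both sides pass."""
    cfg, findings = parse_sections(text), []
    for side in SIDES:
        method = cfg.get("SSL_METHOD", {}).get(side)
        if method is None or method.upper() != REQUIRED_METHOD:
            findings.append(f"[SSL_METHOD] {side} is {method!r}, expected {REQUIRED_METHOD}")
        cipher = cfg.get("CIPHER", {}).get(side)
        if cipher is None:
            findings.append(f"[CIPHER] {side} is not set")
            continue
        tokens = cipher.split(":")  # OpenSSL-style cipher list, ':' separated
        for name in EXCLUDED:
            if "!" + name not in tokens:
                findings.append(f"[CIPHER] {side} has no '!{name}' token")
    return findings

# Constructed sample: the values exactly as printed in this article.
SAMPLE = """[SSL_METHOD]
INITIATE_SIDE = TLSV1.2
RECEIVE_SIDE = TLSV1.2
[CIPHER]
INITIATE_SIDE = ALL:!ADH:!LOW:!EXP:MD5:@STRENGTH
RECEIVE_SIDE = ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```

Run on the article's values, it reports one finding: the INITIATE_SIDE string lists MD5 without the '!', unlike RECEIVE_SIDE. Adjust EXCLUDED to whatever your security admin requires.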

So, in summary:
1) This box should be at XCOM 11.6 SP02
2) All other XCOM partners must be running TLS 1.2
3) Update configssl.cnf as above with TLS v1.2
4) Specify ciphers for TLS v1.2 - there is a chart in the manual. Consult your security admin for the ciphers you should use. They may already have requirements.