Problems with REST API calls

You might experience problems with REST API calls that are not going through after you enable strong ciphers on Fulfillment Optimizer CPLEX nodes. To resolve this issue, you must replace the policy .jar files in the client-side JRE.

About this task

The following ciphers are supported:

  ID  SUITE     BITS PROT    METHOD  CIPHER    MAC     KEYX

16: 157 AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 RSA
18: 61 AES256-SHA256 256 TLS1.2 Native AES SHA256 RSA
19: 53 AES256-SHA 256 TLS1 Native AES SHA RSA
20: 53 AES256-SHA 256 TLS1.1 Native AES SHA RSA
21: 53 AES256-SHA 256 TLS1.2 Native AES SHA RSA
22: 53 AES256-SHA 256 DTLS1 Native AES SHA RSA
23: 60 AES128-SHA256 128 TLS1.2 Native AES SHA256 RSA
32: 49200 ECDHE-RSA-AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 ECDHE_RSA
34: 49192 ECDHE-RSA-AES256-SHA384 256 TLS1.2 Native AES SHA384 ECDHE_RSA
35: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1 Native AES SHA ECDHE_RSA
36: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.1 Native AES SHA ECDHE_RSA
37: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.2 Native AES SHA ECDHE_RSA

Procedure

To replace the policy .jar files in the client-side JRE, complete the following steps.

  1. Download JCE Unlimited Strength files for your version of JRE:
    Table 1. Links to JCE Unlimited Strength files
    Version Link
    JRE 7 https://www.ibm.com/support/knowledgecenter/en/SSYKE2_7.0.0/com.ibm.java.security.component.70.doc/security-component/sdkpolicyfiles.html
    JRE 7.1 https://www.ibm.com/support/knowledgecenter/en/SSYKE2_7.1.0/com.ibm.java.security.component.71.doc/security-component/sdkpolicyfiles.html
    JRE 8 https://www.ibm.com/support/knowledgecenter/en/SSYKE2_8.0.0/com.ibm.java.security.component.80.doc/security-component/sdkpolicyfiles.html
  2. Go to <JAVA_HOME>/jre/lib/security.
  3. Replace local_policy.jar and US_export_policy.jar with the files you downloaded.
  4. Restart the server and attempt a call to the Optimizer API.