IBM® UrbanCode™ Deploy supports
multiple SSL protocols and ciphers for communication between servers.
IBM UrbanCode Deploy supports
TLSv1, TLSv1.1, and TLSv1.2 SSL protocols. IBM UrbanCode Deploy supports
only the SSLv3 protocol if older agents require its use. See Upgrading agents.
IBM UrbanCode Deploy uses
SSL in communication between the web UI and the server and between
servers that use ActiveMQ. The SSL certificates that control both
types of communication use the Java™ KeyStore
(JKS) format. The certificates are generated by an RSA key with a
2048-bit length and are signed by a SHA256withRSA algorithm.
- By default, the web UI connects on port 8443. You find its certificate in the
opt/tomcat/conf/tomcat.keystore directory. See SSL configuration.
- By default, ActiveMQ connects on port 7918. You find its SSL certificate in the
app_data/conf/server.keystore directory. See Configuring mutual authentication.
The following SSL cipher suites are enabled by default:
- ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
- ECDH_ECDSA_WITH_AES_128_CBC_SHA
- ECDH_ECDSA_WITH_AES_128_CBC_SHA256
- ECDH_ECDSA_WITH_AES_128_GCM_SHA256
- ECDH_ECDSA_WITH_AES_256_CBC_SHA
- ECDH_ECDSA_WITH_AES_256_CBC_SHA384
- ECDH_ECDSA_WITH_AES_256_GCM_SHA384
- ECDH_RSA_WITH_3DES_EDE_CBC_SHA
- ECDH_RSA_WITH_AES_128_CBC_SHA
- ECDH_RSA_WITH_AES_128_CBC_SHA256
- ECDH_RSA_WITH_AES_128_GCM_SHA256
- ECDH_RSA_WITH_AES_256_CBC_SHA
- ECDH_RSA_WITH_AES_256_CBC_SHA384
- ECDH_RSA_WITH_AES_256_GCM_SHA384
- ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
- ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
- ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
- ECDHE_RSA_WITH_AES_128_CBC_SHA
- ECDHE_RSA_WITH_AES_128_CBC_SHA256
- ECDHE_RSA_WITH_AES_128_GCM_SHA256
- ECDHE_RSA_WITH_AES_256_CBC_SHA
- ECDHE_RSA_WITH_AES_256_CBC_SHA384
- ECDHE_RSA_WITH_AES_256_GCM_SHA384
- RSA_FIPS_WITH_3DES_EDE_CBC_SHA
- RSA_WITH_3DES_EDE_CBC_SHA
- RSA_WITH_AES_128_CBC_SHA
- RSA_WITH_AES_128_CBC_SHA256
- RSA_WITH_AES_128_GCM_SHA256
- RSA_WITH_AES_256_CBC_SHA
- RSA_WITH_AES_256_CBC_SHA256
- RSA_WITH_AES_256_GCM_SHA384
- RSA_WITH_CAMELLIA_128_CBC_SHA
- RSA_WITH_CAMELLIA_128_CBC_SHA256
- RSA_WITH_CAMELLIA_256_CBC_SHA
- RSA_WITH_CAMELLIA_256_CBC_SHA256