Modifying the default ciphers

You can specify a cipher list to control which ciphers the Global Mailbox server uses.

About this task

The default SSL configuration uses 128-bit ciphers and higher that are made available by the Java™ runtime software development kit (SDK).

The ciphers and their order are determined by the SDK.

To specify the list of ciphers and their order:

Procedure

  1. Locate the server.xml file in the /opt/wlp/usr/servers/defaultServer directory.
  2. Edit the preferred cipher suites by modifying enabledCiphers in defaultSSLConfig.
    <ssl id="defaultSSLConfig" enabledCiphers="<list of cipher suites>" .../>
    In the following example, the cipher suites that are specified for enabledCiphers use AES128, AES256, and 3DES:
    <ssl id="defaultSSLConfig" enabledCiphers="TLS_DH_RSA_WITH_AES_128_CBC_SHA
    TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA" .../>
  3. Save the server.xml file.
  4. Optional: Check the messages.log file in /opt/wlp/usr/servers/defaultServer/logs to confirm that changing the ciphers did not cause any errors.
  5. Optional: Log in to the Global Mailbox administrator user interface to verify that the SSL connection is successful.
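
The following Python script is an added example, not part of the original procedure or of the product: it reads the enabledCiphers list from the defaultSSLConfig element and reports, in configured order, which suites a reviewer would question, such as the 3DES and static key exchange suites in the step 2 example. The embedded server.xml is constructed from that example, and the review rules and function names are this example's own assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: minimal server.xml with the cipher list from step 2.
SAMPLE_SERVER_XML = """<server>
  <ssl id="defaultSSLConfig"
       enabledCiphers="TLS_DH_RSA_WITH_AES_128_CBC_SHA
       TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA"/>
</server>"""

# Review rules chosen for this example (assumption, not a product policy).
WEAK_TOKENS = {
    "_3DES_": "3DES (64-bit block cipher)",
    "_RC4_": "RC4 stream cipher",
    "_NULL_": "no encryption",
    "_EXPORT_": "export-grade key length",
    "_anon_": "unauthenticated key exchange",
    "_CBC_": "CBC mode rather than an AEAD mode",
}

def enabled_ciphers(xml_text, ssl_id="defaultSSLConfig"):
    """Return the ordered suite list, or None if enabledCiphers is not set
    (the SDK then determines the ciphers and their order)."""
    for ssl in ET.fromstring(xml_text).iter("ssl"):
        if ssl.get("id") == ssl_id:
            value = ssl.get("enabledCiphers")
            return None if value is None else value.split()
    raise LookupError(f"no <ssl id={ssl_id!r}> element in configuration")

def audit_suite(name):
    """Return the list of review findings for one cipher suite name."""
    findings = [why for token, why in WEAK_TOKENS.items() if token in name]
    # TLS 1.2-style names carry the key exchange before _WITH_ (after a
    # TLS_ or SSL_ prefix); only ECDHE/DHE exchanges give forward secrecy.
    if "_WITH_" in name:
        key_exchange = name.split("_WITH_")[0].split("_", 1)[-1]
        if not key_exchange.startswith(("ECDHE", "DHE")):
            findings.append("key exchange without forward secrecy")
    return findings

def audit_config(xml_text):
    """Return [(suite, findings)] in configured preference order."""
    return [(s, audit_suite(s)) for s in enabled_ciphers(xml_text) or []]

if __name__ == "__main__":
    for suite, findings in audit_config(SAMPLE_SERVER_XML):
        print(f"{suite}: {'; '.join(findings) or 'no findings'}")
```

To audit a real configuration, pass the contents of the server.xml file from step 1 to audit_config instead of the constructed sample.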