SSL cipher suites in Java client applications

Cipher suites define the key exchange, data encryption, and hash algorithms used for an SSL session between a client and server.

Cipher suites define the key exchange, data encryption, and hash algorithms used for an SSL session between a client and server. During the SSL handshake, both sides present the cipher suites that they are able to support and the strongest one common to both sides is selected. In this way, you can restrict the cipher suites that a Java™ client application presents. CICS® Transaction Gateway uses cipher suites provided by the Java runtime environment for the SSL protocol. The cipher suites available to be used are dependant on the Java version. See the documentation supplied with your Java runtime environment for valid cipher suites.

Restricting cipher suites for a Java client application

To restrict the cipher suites used by a JavaGateway object, use the setProtocolProperties() method to add the property JavaGateway.SSL_PROP_CIPHER_SUITES to the properties object passed to it. The value of the property must contain a comma-separated list of the cipher suites that the application is restricted to using.

For example:

 Properties sslProps = new Properties(); 
 sslProps.setProperty(JavaGateway.SSL_PROP_KEYRING_CLASS, strSSLKeyring);
 sslProps.setProperty(JavaGateway.SSL_PROP_KEYRING_PW, strSSLPassword);
 sslProps.setProperty(JavaGateway.SSL_PROP_CIPHER_SUITES,
                       "SSL_RSA_WITH_NULL_SHA");
 javaGatewayObject = new JavaGateway(strUrl, iPort, sslProps);