Specify a List of Ciphers in a Particular Process

This example involves overriding default settings in the Connect:Direct® Secure Plus parameter files used to establish a connection between two business partners. The business partners agreed that, by default, all sessions are non-secure, but that when a secure communication line is required for a particular session, they would use the SSL protocol and a list of cipher suites in a specific order.

Although the SSL protocol is not enabled in the Connect:Direct Secure Plus parameter files, the remote node records specify OVERRIDE=Y, and all other parameters required to perform the handshake to establish an SSL session are defined.

To specify that the session for this PROCESS is to be secure using SSL and to tell IBM® Connect:Direct to use a specific list of cipher suites, the business partners use the following PROCESS statement:

SSLCIPHERS PROCESS SNODE=OTHERBP 
SECURE=(SSL,(SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_AES_128_SHA, 
SSL_RSA_AES_256_SHA,SSL_RSA_WITH_DES_CBC_SHA) )

The four cipher suites are listed in the order of preference, and the first one that matches a cipher suite defined for the other node is used to establish a session.
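
The selection rule described above, modelled in Python as an added example (not IBM's code and not part of the original page): it parses the SECURE parameter of the PROCESS statement and returns the first listed suite that the other node also defines. The function names and the remote-node cipher lists are constructed for illustration, and `legacy_suites` is an added review check for DES- and 3DES-based entries.

```python
import re

# The PROCESS statement from this page, joined into one string.
PROCESS_STMT = (
    "SSLCIPHERS PROCESS SNODE=OTHERBP "
    "SECURE=(SSL,(SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_AES_128_SHA, "
    "SSL_RSA_AES_256_SHA,SSL_RSA_WITH_DES_CBC_SHA) )"
)


def parse_secure(statement):
    """Return (protocol, [suites in listed order]) from SECURE=(proto,(c1,c2,...))."""
    compact = re.sub(r"\s+", "", statement)  # the cipher list may wrap across lines
    m = re.search(r"SECURE=\((\w+),\(([\w,]+)\)\)", compact)
    if m is None:
        raise ValueError("no SECURE=(protocol,(cipher,...)) parameter found")
    return m.group(1), [c for c in m.group(2).split(",") if c]


def select_cipher(preferred, remote_defined):
    """First suite in the listed preference order that the other node defines."""
    remote = set(remote_defined)
    for suite in preferred:
        if suite in remote:
            return suite
    return None  # nothing matches, so there is no suite to establish the session with


def legacy_suites(ciphers):
    """Added review check: suites built on single DES or 3DES."""
    return [c for c in ciphers if "_DES_" in c or "_3DES_" in c]


if __name__ == "__main__":
    protocol, prefs = parse_secure(PROCESS_STMT)
    # Constructed remote-node definitions (hypothetical, not from the page).
    remotes = {
        "defines AES-256 and 3DES": ["SSL_RSA_AES_256_SHA",
                                     "SSL_RSA_WITH_3DES_EDE_CBC_SHA"],
        "defines AES only": ["SSL_RSA_AES_256_SHA", "SSL_RSA_AES_128_SHA"],
        "no overlap": ["SSL_RSA_WITH_NULL_SHA"],
    }
    for label, defined in remotes.items():
        print(f"{label}: {select_cipher(prefs, defined)}")
    print("legacy entries in the list:", legacy_suites(prefs))
```

Because the list order decides the outcome, a remote node that defines both AES-256 and 3DES still negotiates 3DES with this statement.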