Cipher Suite List Override of Single Default Cipher Suite

The business partners agreed by default all sessions are secure and chose TLS as the default protocol. Both partners specified the following configuration in their Connect:Direct® Secure Plus parameter files:

  • Enabled the TLS protocol
  • Specified OVERRIDE=Y in both the Local and Remote Node records
  • Selected TLS_RSA_WITH_RC4_128_MD5 as the cipher suite to use when executing Processes

To override the default protocol and use a list of other TLS cipher suites when executing a particular Process, they use the following PROCESS statement:

NEWCIPHERS PROCESS SNODE=OTHERBP SECURE=(TLS,(TLS_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_RSA_AES_128_SHA,TLS_RSA_AES_256_SHA,TLS_RSA_WITH_DES_CBC_SHA) )