Enabling cipher suites

You can enable a list of cipher suites that are used during the secure information exchange between the IBM® Sterling Control Center Monitor event processors and the consoles or the web consoles.

  • Ensure that the secure connections between the IBM Sterling Control Center Monitor event processors and the consoles work.
  • Ensure that the cipher suites that you add in the engine.properties file are supported by the console JRE. For more information, see the IBMJSSE2 Provider.
  • Ensure that the cipher suites that you add in the engine.properties file are supported by the engine IBM JRE.
  • If stronger algorithms are needed (for example, AES with 256-bit keys), obtain the JCE Unlimited Strength Jurisdiction Policy Files and install the files in the JDK/JRE.
    Important: Verify that this action is permissible under local regulations. For more information, Import Limits on Cryptographic Algorithms.
  • To download the unrestricted IBM JCE policy files, see Downloading Policy files.
  • Copy the local_policy.jar file and the US_export_policy.jar file from the JCE file that you downloaded in to the installation directory/jre/lib/security.
  • Ensure that the cipher suites that you add in the engine.properties file are negotiable cipher suites with IBM Sterling Control Center Monitor event processors. Otherwise, the connection might fail with the following message: handshake_failure, no cipher suites in common.
  • Ensure that the key authentication algorithm in the cipher suites that you add in the engine.properties file is matches the key algorithm in your keystore. Otherwise, the connection might fail with the following message: handshake_failure, no cipher suites in common.
The engine.properties file contains properties that are used to specify the cipher suites that are used by IBM Sterling Control Center Monitor. Add or edit the https.cipherSuites key in the file to specify the cipher suites that are enabled. For example:

<https.cipherSuites>TLS_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_RC4_128_MD5</https.cipherSuites>
  1. To view the engine.properties file, in the IBM Sterling Control Center Monitor web console, click your user ID and then click Menu button () > System Settings > Properties > engine.properties.
  2. Edit the https.cipherSuites key to provide a comma-separated list of cipher suites.
  3. Restart all the event processors.
  4. Restart the console or the web console.
    Important: Be sure to empty the temporary files and cached application in the Java control panel.
Use HTTPS connections between the IBM Sterling Control Center Monitor event processors and the consoles or the web start consoles.