Supported SSL protocols and ciphers

IBM® UrbanCode™ Release supports multiple SSL protocols and ciphers for communication between servers.

IBM UrbanCode Release supports TLSv1, TLSv1.1, and TLSv1.2 SSL protocols.

IBM UrbanCode Release uses SSL in communication between the web UI and the server and between servers that use ActiveMQ. The SSL certificates that control both types of communication use the Java™ KeyStore (JKS) format. The certificates are generated by an RSA key with a 2048-bit length and are signed by a SHA256withRSA algorithm.

  • By default, the web UI connects on port 8080. You find its certificate in the opt/tomcat/conf/tomcat.keystore directory.
  • By default, ActiveMQ connects on port 7918. You find its SSL certificate in the conf/server.keystore directory.

The following SSL cipher suites are enabled by default:

  • DHE_DSS_WITH_3DES_EDE_CBC_SHA
  • DHE_RSA_WITH_3DES_EDE_CBC_SHA
  • RSA_WITH_3DES_EDE_CBC_SHA
  • RSA_FIPS_WITH_3DES_EDE_CBC_SHA
  • DHE_DSS_WITH_AES_128_CBC_SHA
  • DHE_DSS_WITH_AES_128_CBC_SHA256
  • DHE_DSS_WITH_AES_256_CBC_SHA
  • DHE_DSS_WITH_AES_256_CBC_SHA256
  • DHE_RSA_WITH_AES_128_CBC_SHA
  • DHE_RSA_WITH_AES_128_CBC_SHA256
  • DHE_RSA_WITH_AES_256_CBC_SHA
  • DHE_RSA_WITH_AES_256_CBC_SHA256
  • ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
  • ECDHE_ECDSA_WITH_AES_128_CBC_SHA
  • ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
  • ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  • ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
  • ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  • ECDHE_RSA_WITH_AES_128_CBC_SHA
  • ECDHE_RSA_WITH_AES_128_CBC_SHA256
  • ECDHE_RSA_WITH_AES_256_CBC_SHA
  • ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
  • ECDH_ECDSA_WITH_AES_128_CBC_SHA
  • ECDH_ECDSA_WITH_AES_128_CBC_SHA256
  • ECDH_ECDSA_WITH_AES_256_CBC_SHA
  • ECDH_ECDSA_WITH_AES_256_CBC_SHA384
  • ECDH_ECDSA_WITH_AES_256_GCM_SHA384
  • ECDH_RSA_WITH_3DES_EDE_CBC_SHA
  • ECDH_RSA_WITH_AES_128_CBC_SHA
  • ECDH_RSA_WITH_AES_128_CBC_SHA256
  • ECDH_RSA_WITH_AES_256_CBC_SHA
  • ECDH_RSA_WITH_AES_256_CBC_SHA384
  • ECDH_RSA_WITH_AES_256_GCM_SHA384
  • KRB5_WITH_3DES_EDE_CBC_SHA
  • RSA_WITH_AES_128_CBC_SHA
  • RSA_WITH_AES_128_CBC_SHA256
  • RSA_WITH_AES_256_CBC_SHA
  • RSA_WITH_AES_256_CBC_SHA256