[V5.0.8 or later]

Setting the ciphers for a TLS server profile

Ciphers are the encryption and decryption algorithms used to secure HTTPS communication with the API Connect Management Server. The available ciphers are determined by the TLS protocol version.

Before you begin

Create your TLS profiles and assign one or more protocol versions to the profiles. For instructions on creating TLS profiles, see TLS profiles. Assign a TLS profile to connections with the Cloud Manager, API Manager, and the Developer Portal REST APIs. See Specifying the cloud settings and Using the Developer Portal REST APIs.

About this task

Starting with version 5.0.8.2, you can choose the ciphers to be enabled for each TLS protocol version from a list of available ciphers. Under normal circumstances, you can accept the default enabled ciphers. These ciphers are used only for HTTPS communication with the management server, and should not be confused with the ciphers used by the Gateway servers for API invocation or authentication.

Note: Any change in TLS Profiles and Ciphers will cause an automatic reboot of the HTTP services on all Management Servers.

Procedure

  1. In Cloud Manager, choose Settings > Ciphers.
  2. View the available ciphers for each TLS protocol version. Enabled ciphers are marked with a check mark.
  3. If a change is needed, add or remove check marks next to the ciphers you want to support for each version of the TLS protocol. Some available ciphers are known to be weak or insecure. Be careful when enabling new ciphers.
  4. Toggle protocol versions on or off. The enabled TLS protocol versions are determined by the TLS Profile used by the cloud settings. Toggling off a TLS protocol version on the Ciphers screen will not disable that TLS protocol version. Toggling off only means that default ciphers will be used for that TLS protocol version.

Results

HTTPS communication with the Management Server will be protected by the enabled ciphers.
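
Example (added here, not part of the product documentation or IBM code): a review of a cipher selection recorded from the Ciphers screen, covering the weak-cipher warning in step 3 and the toggle behavior in step 4. The IANA-style suite names, the version labels, and the function and variable names are assumptions for illustration; the sample selection is constructed.

```python
# Tokens in an IANA-style suite name that mark a weak component.
# Assumption: suites are named this way; the page lists no names.
WEAK_TOKENS = {
    "NULL": "no encryption",
    "EXPORT": "export-grade key size",
    "anon": "unauthenticated key exchange",
    "RC4": "RC4 stream cipher",
    "DES": "single DES",
    "3DES": "3DES (64-bit block)",
    "MD5": "MD5-based MAC",
}

def weak_reasons(suite):
    """Return why a suite name is considered weak (empty list if it is not)."""
    tokens = suite.split("_")
    return [why for token, why in WEAK_TOKENS.items() if token in tokens]

def audit(profile_versions, cipher_screen):
    """Report, per protocol version, what the current selection means.

    profile_versions: versions enabled by the TLS profile.
    cipher_screen: version -> list of checked suites, or None when the
    version is toggled off on the Ciphers screen.
    """
    report = {}
    for version in sorted(set(profile_versions) | set(cipher_screen)):
        checked = cipher_screen.get(version)
        if version not in profile_versions:
            status, weak = "not enabled by the TLS profile", {}
        elif checked is None:
            # Toggling off does not disable the version (step 4).
            status, weak = "enabled, default ciphers apply", {}
        else:
            weak = {s: weak_reasons(s) for s in checked if weak_reasons(s)}
            status = "weak suites checked" if weak else "ok"
        report[version] = {"status": status, "weak": weak}
    return report

# Constructed sample selection, not taken from a real deployment.
SAMPLE_PROFILE = ["TLSv1.1", "TLSv1.2"]
SAMPLE_SCREEN = {
    "TLSv1.0": ["TLS_RSA_WITH_AES_128_CBC_SHA"],
    "TLSv1.1": None,
    "TLSv1.2": ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
                "TLS_RSA_WITH_RC4_128_MD5"],
}
```

A version reported as "enabled, default ciphers apply" can only be turned off by changing the TLS profile, not from the Ciphers screen.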