Setting the ciphers for a TLS server profile
Ciphers are encryption/decryption algorithms used to secure HTTPs communication with the API Connect Management Server. The available ciphers are determined by the TLS Protocol version.
Before you begin
About this task
Starting with version 5.0.8.2, you can choose the ciphers to be enabled for each TLS protocol version from a list of available ciphers. Under normal circumstances, you can accept the default enabled ciphers. These ciphers will only be used for HTTPs communication with the management server, and should not be confused with the ciphers used by the Gateway servers for API invocation or authentication.
Note: Any change in TLS Profiles and Ciphers will cause an automatic reboot of the HTTP services on
all Management Servers.
Procedure
- In Cloud Manager, chooseSettings >Ciphers.
- View the available ciphers for each TLS protocol version. Enabled ciphers are marked with a check mark.
- If a change is needed, add or remove check marks next to the ciphers you want to support for each version of the TLS protocol. Some available ciphers are known to be weak or insecure. Be careful when enabling new ciphers.
- Toggle protocol versions on or off. The enabled TLS protocol versions are determined by the TLS Profile used by the cloud settings. Toggling off a TLS protocol version on the Ciphers screen will not disable that TLS protocol version. Toggling off only means that default ciphers will be used for that TLS protocol version.