IBM Support

Limitng ciphers is breaking connections to monitored server

Troubleshooting


Problem

Adjusting the CC_java.security in conf directory of Control Center to remove insecure ciphers from being used breaks the connection to the monitored B2B server.
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, DSA, MD5, DH, ECDH, MD5withRSA, DH keySize < 1024, DESede, \
   EC keySize < 224, 3DES_EDE_CBC, anon, NULL, DES_CBC, \
    SSL_RSA_WITH_AES_128_CBC_SHA, \
    SSL_RSA_WITH_AES_128_CBC_SHA256, \
    SSL_RSA_WITH_AES_128_GCM_SHA256, \
    SSL_RSA_WITH_AES_256_CBC_SHA, \
    SSL_RSA_WITH_AES_256_CBC_SHA256, \
    SSL_RSA_WITH_AES_256_GCM_SHA384

Symptom

Showing the following error in the logs
No appropriate protocol (protocol is disabled or cipher suites are inappropriate)

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB77","label":"Automation Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSJC3O","label":"IBM Sterling Control Center Monitor"},"ARM Category":[{"code":"a8m0z000000cwVyAAI","label":"ENGINE"}],"ARM Case Number":"TS011987682","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.2.0;6.2.1;6.3.0"},{"Type":"MASTER","Line of Business":{"code":"LOB77","label":"Automation Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSNG8A","label":"IBM Sterling Control Center Director"},"ARM Category":[{"code":"a8m0z000000cwVyAAI","label":"ENGINE"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.2.0;6.2.1;6.3.0"}]

Log InLog in to view more of this document

This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.

Document Information

Modified date:
30 March 2023

UID

ibm16967331

Page Feedback