Ciphers supported with Business Connect
Article ID: KB0080543
Updated On:
| Products | Versions |
|---|---|
| TIBCO BusinessConnect | 6.X and 7.X |
Description
1. Existing/ Documented Ciphers:
The currently documented ciphers for BusinessConnect are in "Chapter 8 Security : Cipher Suites" of the BusinessConnect Concepts Guide for each version.
In addition, there are newer ciphers that are provided by JRE 1.8 and the TIBCO encryption library provided in the BusinessConnect 6.3.X and above releases:
o TLS_RSA_WITH_AES_128_CBC_SHA256
o TLS_RSA_WITH_AES_256_CBC_SHA256
o TLS_RSA_WITH_AES_256_GCM_SHA384
o TLS_RSA_WITH_AES_128_GCM_SHA256
o TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
o TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
o TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
o TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
o TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
o TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
o TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
o TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
*************
The currently documented ciphers for BusinessConnect are in "Chapter 8 Security : Cipher Suites" of the BusinessConnect Concepts Guide for each version.
In addition, there are newer ciphers that are provided by JRE 1.8 and the TIBCO encryption library provided in the BusinessConnect 6.3.X and above releases:
o TLS_RSA_WITH_AES_128_CBC_SHA256
o TLS_RSA_WITH_AES_256_CBC_SHA256
o TLS_RSA_WITH_AES_256_GCM_SHA384
o TLS_RSA_WITH_AES_128_GCM_SHA256
o TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
o TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
o TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
o TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
o TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
o TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
o TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
o TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
*************
Issue/Introduction
This article provides an updated list of the ciphers available with BusinessConnect 6.3.X, 6.4.X, and 7.0.0
Environment
All environments
Resolution
Please use TRA 5.10 HotFix 4 or above and BC 6.3 HotFix 3 or above to support the GCM ciphers and all the above mentioned ciphers.
Also, make sure you install the Elliptical Curve libraries as part of the TRA hotfix install process.
For inbound HTTPS requests, you can specify which ciphersuites to use by setting this property in the GS Server's TRA file using these directions:
To set a prioritized list of cipher suites to be used with SSL, add the following property to the gsengine.tra file for each Gateway Server instance:
<<<
java.property.https.cipherSuites=<values>
>>>
The values can be a comma-separated list of supported cipher suites. The list depends on the Minimum Encryption Strength selected when you create a Gateway Services that uses HTTP transport. For example, a value of TLS_RSA_WITH_RC4_128_SHA can be used to prioritize this cipher suite only if you selected "Only 128-Bit and Stronger" for the Gateway Service.
Also, make sure you install the Elliptical Curve libraries as part of the TRA hotfix install process.
For inbound HTTPS requests, you can specify which ciphersuites to use by setting this property in the GS Server's TRA file using these directions:
To set a prioritized list of cipher suites to be used with SSL, add the following property to the gsengine.tra file for each Gateway Server instance:
<<<
java.property.https.cipherSuites=<values>
>>>
The values can be a comma-separated list of supported cipher suites. The list depends on the Minimum Encryption Strength selected when you create a Gateway Services that uses HTTP transport. For example, a value of TLS_RSA_WITH_RC4_128_SHA can be used to prioritize this cipher suite only if you selected "Only 128-Bit and Stronger" for the Gateway Service.
Additional Information
BusinessConnect, Cipher suites, GCM, RSA, AES
Feedback
Yes
No
Powered by
