CA XCOM Data Encryption - How to specify a cipher
Article ID: 9490
Updated On:
Products
XCOM Data Transport
XCOM Data Transport - Windows
XCOM Data Transport - Linux PC
XCOM Data Transport - z/OS
Issue/Introduction
Understanding and Using Ciphers with Encryption with CA XCOM Data Transport
Environment
CA XCOM Data Transport for z/OS
CA XCOM Data Transport for Linux Intel
CA XCOM Data Transport for HP, Solaris, AIX
CA XCOM Data Transport for Windows
Opensll
System SSL
Resolution
- Issue command "OPENSSL CIPHERS" from your XCOM directory to list available ciphers.
For example, if the first line of the output of the command shows, DHE-RSA-AES256-SHA
The third field will show the cipher that is being used for data encryption (in this example it is AES256).
- In the XCOM configssl.cnf file there are the following parameters:
[CIPHER]
INITIATE_SIDE = ALL:!ADH:!LOW:!EXP:MD5:@STRENGTH
RECEIVE_SIDE = ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
Meaning of values:
ALL = use all ciphers provided
!ADH: !LOW:!EXP = do not use these ciphers. (The '!' is equivalent to a NOT.
MD5 = indicates use this cipher
@STRENGTH = indicates use the strongest cipher of all other ciphers not excluded
INITIATE_SIDE = ALL:!ADH:!LOW:!EXP:MD5:@STRENGTH
RECEIVE_SIDE = ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
Meaning of values:
ALL = use all ciphers provided
!ADH: !LOW:!EXP = do not use these ciphers. (The '!' is equivalent to a NOT.
MD5 = indicates use this cipher
@STRENGTH = indicates use the strongest cipher of all other ciphers not excluded
3. You may choose a cipher by editing the CIPHER section in the configssl to one of the following values:
- specifying the specific cipher as a value. e.g.: INITIATE_SIDE=3DES
- not specifying the specific cipher as a value. e.g.:
INITIATE_SIDE=ALL:!ADH:!LOW:!EXP:!RSA: @STRENGTH
Additional Information
Read about ciphers in these online guides:
Feedback
Yes
No
Powered by
