4.4 Configuring the 256-bit and Higher Ciphers for SSL Communication

By default, Access Manager supports 128-bit SSL communication among the Administration Console, Identity Server, and browsers. The supported ciphers include:

  • SSL_RSA_WITH_RC4_128_MD5

  • TLS_DHE_DSS_WITH_AES_128_CBC_SHA

  • SSL_RSA_WITH_3DES_EDE_CBC_SHA

  • SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA

  • SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA

  • TLS_KRB5_WITH_3DES_EDE_CBC_SHA

  • TLS_KRB5_WITH_RC4_128_SHA

  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA

  • SSL_RSA_WITH_RC4_128_SHA

  • TLS_RSA_WITH_AES_128_CBC_SHA

NOTE: It is recommended to enable strong ciphers.

To enable strong 256-bit or higher ciphers:

  1. Download the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 7 from Sun's Java website.

  2. Extract the zip file and replace the policy jars in /opt/novell/java/jre/lib/security/.

  3. Modify the server.xml file located in /opt/novell/nam/adminconsole/conf/.

  4. Add the 256-bit ciphers to the cipher attribute of <Connectors>.

    For the list of 256-bit ciphers, see Java™ Cryptography Architecture Oracle Providers Documentation.
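To check the result of step 4, the following added example (not part of the product documentation) parses a server.xml and sorts each connector's cipher list into 256-bit, below-256-bit, and weak suites, since adding 256-bit ciphers does not by itself remove RC4, 3DES, or MD5 suites from the list. It assumes Tomcat-style <Connector> elements with a comma-separated ciphers attribute; the sample XML, the function names, and the weak-suite pattern are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample for illustration; not the server.xml shipped with the product.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
      ciphers="TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
               TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5,
               SSL_RSA_WITH_3DES_EDE_CBC_SHA"/>
    <Connector port="8080"/>
  </Service>
</Server>"""

# Suites built on RC4, DES/3DES, MD5, NULL, export-grade or anonymous key exchange.
WEAK = re.compile(r"_(RC4|3DES|DES|NULL|EXPORT|anon)_|_MD5$")
# Key length as encoded in the JSSE suite name, e.g. AES_256.
KEY_BITS = re.compile(r"_(?:AES|CAMELLIA|RC4)_(\d+)")


def classify(suite):
    """Return 'weak', 'strong256' or 'below256' for one JSSE suite name."""
    if WEAK.search(suite):
        return "weak"
    m = KEY_BITS.search(suite)
    bits = int(m.group(1)) if m else 0
    return "strong256" if bits >= 256 else "below256"


def audit_connectors(xml_text):
    """Audit every <Connector> that carries an explicit cipher list."""
    report = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        # Assumption: Tomcat-style 'ciphers' attribute; 'cipher' is accepted too.
        raw = conn.get("ciphers") or conn.get("cipher")
        if raw is None:
            continue  # connector has no explicit cipher list
        entry = {"port": conn.get("port"), "weak": [], "strong256": [], "below256": []}
        for suite in filter(None, (s.strip() for s in raw.split(","))):
            entry[classify(suite)].append(suite)
        report.append(entry)
    return report


if __name__ == "__main__":
    for e in audit_connectors(SAMPLE_SERVER_XML):
        print(f"port {e['port']}: {len(e['strong256'])} 256-bit, "
              f"{len(e['below256'])} below 256-bit, weak: {e['weak']}")
```

To audit a real file, pass its contents to `audit_connectors()`; a connector whose `strong256` list is empty has not picked up the change.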