Configure cipher suites

Administrators can restrict the set of cipher suites that ISIM allows.

A cipher suite is a combination of algorithms that can be used for authentication, data encryption, key exchange, and message authentication for a secure network connection.

Configuration tasks must be performed only on a primary node.

The mandatory cipher suite SSL_RSA_WITH_AES_128_CBC_SHA, which is used for internal communication between WebSphere Application Server components, is enabled by default and cannot be disabled.

The ciphers are listed in order of their strength.

The following cipher suites are allowed for IBM Security Identity Manager.

    Protocol version             Cipher suites
    TLS/TLSv1/TLSv1.1/TLSv1.2    SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA
                                 SSL_RSA_WITH_AES_256_CBC_SHA
                                 SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA
    TLSv1.2 only                 SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384
                                 SSL_RSA_WITH_AES_256_GCM_SHA384
                                 SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256
                                 SSL_RSA_WITH_AES_128_GCM_SHA256

  1. From the top-level menu of the Appliance Dashboard, click Configure > Manage Server Settings > Cipher Suites Configuration.

  2. Click Reconfigure.

    Button          Options
    Reconfigure     Cipher: List of ciphers.
                    Protocol Version: Specifies the protocol for the cipher suites that are available.
                    Remarks: Status of the ciphers, enabled or disabled. By default, all the ciphers are enabled.
                    We can enable or disable multiple ciphers by selecting or clearing the check boxes.

  3. Select the cipher suites to enable or disable. We cannot disable all the ciphers.

  4. Click Save Configuration to complete this task.

Restart the ISIM Server.

For a clustered environment, synchronize a member node with the primary node. See Synchronizing a member node with a primary node.
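After the restart, it is worth confirming from a client that the live server negotiates exactly the suites ticked in the UI, since a suite that is still accepted after being cleared (or rejected after being left enabled) points at a configuration that was not synchronized or a server that was not restarted. The script below is an added example, not IBM's code: the JSSE-to-OpenSSL name mapping, the TLSv1.2-only probe, and the host/port used in the usage note are assumptions.

```python
import socket
import ssl

# JSSE suite names from the appliance UI -> OpenSSL names understood by Python's
# ssl module (assumed mapping; the page lists only the JSSE names), in the page's
# strength order. The last entry is the mandatory suite that cannot be disabled.
JSSE_TO_OPENSSL = {
    "SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384": "ECDHE-RSA-AES256-GCM-SHA384",
    "SSL_RSA_WITH_AES_256_GCM_SHA384": "AES256-GCM-SHA384",
    "SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256": "ECDHE-RSA-AES128-GCM-SHA256",
    "SSL_RSA_WITH_AES_128_GCM_SHA256": "AES128-GCM-SHA256",
    "SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA": "ECDHE-RSA-AES256-SHA",
    "SSL_RSA_WITH_AES_256_CBC_SHA": "AES256-SHA",
    "SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA": "ECDHE-RSA-AES128-SHA",
    "SSL_RSA_WITH_AES_128_CBC_SHA": "AES128-SHA",
}

def probe_suite(host, port, jsse_name, timeout=5.0):
    """Offer exactly one suite over TLSv1.2. True if the server negotiates it,
    False if it rejects the handshake (suite disabled) or the connection fails,
    None if the local OpenSSL build cannot offer that suite at all."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = False   # checking cipher policy here, not server identity
    ctx.verify_mode = ssl.CERT_NONE
    try:
        ctx.set_ciphers(JSSE_TO_OPENSSL[jsse_name])
    except ssl.SSLError:
        return None
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.cipher()[0] == JSSE_TO_OPENSSL[jsse_name]
    except (ssl.SSLError, OSError):
        return False

def compare(observed, expected_enabled):
    """Diff probe results against the set of suites ticked in the UI."""
    return {
        "unexpected_enabled": sorted(s for s, ok in observed.items()
                                     if ok and s not in expected_enabled),
        "unexpected_disabled": sorted(s for s, ok in observed.items()
                                      if ok is False and s in expected_enabled),
    }

def audit(host, port, expected_enabled):
    """Probe every listed suite; report where the live server differs from the UI."""
    observed = {s: probe_suite(host, port, s) for s in JSSE_TO_OPENSSL}
    return compare(observed, expected_enabled)
```

Call `audit("isim.example.com", 9443, ticked)` with your own appliance host and port (both assumed here) and `ticked` set to the JSSE names left enabled in the UI; two empty lists mean the live server matches the configuration.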

Parent topic: Virtual appliance configuration