19.6 Configuring the SSL Communication

By default, Access Manger supports the 128-bit SSL communication among Administration Console, Identity Server, and browsers. It is recommended to enable strong ciphers.

For the list of 256-bit ciphers, see Java ™ Cryptography Architecture Oracle Providers Documentation.

To enable strong 256-bit or higher ciphers:

  1. Open the Administration Console server.xml file.

    For information about how to open and modify a file, see Modifying Configurations.

  2. Add the 256-bit ciphers to the cipher attribute of <Connectors>.

    For example,

    <Connector NIDP_Name="connector" port="2443" maxHttpHeaderSize="8192"
    maxThreads="200" minSpareThreads="5" enableLookups="false"
    disableUploadTimeout="true" acceptCount="0" scheme="https" secure="true"
    clientAuth="false" sslProtocol="tls" URIEncoding="UTF-8"
    allowUnsafeLegacyRenegotiation="false" keystoreFile="/var/opt/novell/novlwww/
    .keystore" keystorePass="changeit" SSLEnabled="true" address="164.99.87.129"
    ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
    TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
    TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
    SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA" />