Contact Us
System Parameter Reference

Parameter: TLS_CIPHER_SUITES

Definition

The list of enabled cipher suites for encrypted communications using SSL/TLS

Description and Use

This system parameter defines the list of cipher suites that are enabled when performing encrypted communications using the Secure Socket Layer/Transport Layer Security (SSL/TLS) protocol for the following technical interfaces of SAP Convergent Charging:

  • Message TCP
  • Web Services
  • HTTP Communication Interface (HCI)

Syntax and Constraints

The value is a comma-separated list.

Every element of the list can be either:

  • The full name of a cipher suite
  • A regular expression used to select a set of cipher suites

The cipher suite preference of the server is defined by the order in which the cipher suites are listed. This list prevails over the cipher suite preference of the client.

Example

The following value: TLS_ECDHE_RSA_.*_AES_128_(CBC|GCM)_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
corresponds to this ordered list of cipher suites:

  1. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  2. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  3. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

For further information about the possible values, refer to the Java Secure Socket Extension Reference Guide.

Note

When no value is specified, this list contains all the cipher suites that are enabled by default in the JVM.

See Also

TLS_PROTOCOLS - The list of enabled protocols for encrypted communications using SSL/TLS

Technical Details

For more information, consult this section.

Name TLS_CIPHER_SUITES

The list of enabled cipher suites for encrypted communications using SSL/TLS
Category Parameter
Type String
Access (RO/RW)

RW(-): Dynamic Read / Static Write

An immediate change is not possible. For a deferred and permanent change, use the set command of the Admin+ user interface to change the parameter value for a specific type of instance in the SAP CC Core Server system. A restart is needed for permanent changes.

Groups
Instance Types This system parameter is available in the following types of instances in a running SAP CC Core Server system:
  • dispatcher, updater
Default Values (Factory Settings)

The predefined default values are:

Instance Type Value
Dispatcher TLS_ECDHE_RSA_.*_AES_(128|256)_GCM_SHA.*,TLS_ECDHE_RSA_.*_AES_(128|256)_CBC_SHA.*,TLS_DHE_RSA_.*_AES_(128|256)_GCM_SHA.*,TLS_DHE_RSA_.*_AES_(128|256)_CBC_SHA.*,TLS_RSA_.*_AES_(128|256)_GCM_SHA.*,TLS_RSA_.*_AES_(128|256)_CBC_SHA.*
Updater TLS_ECDHE_RSA_.*_AES_(128|256)_GCM_SHA.*,TLS_ECDHE_RSA_.*_AES_(128|256)_CBC_SHA.*,TLS_DHE_RSA_.*_AES_(128|256)_GCM_SHA.*,TLS_DHE_RSA_.*_AES_(128|256)_CBC_SHA.*,TLS_RSA_.*_AES_(128|256)_GCM_SHA.*,TLS_RSA_.*_AES_(128|256)_CBC_SHA.*

You can use a default value to reset the runtime value or the restart value (persistent) in the Admin+ user interface.

Note

A default value is part of the factory settings of the SAP CC Core Server systems. It differs from the original value set during the installation or after the Customizing activities.

In Admin+, you can reset a parameter value to this default value, but it is not recommended:

  • This value may differ from the original value set during the installation of your SAP CC system.
  • Note that it may also differ from the value defined by the implementation project team and set during the Implementation Phase of the integration project.
Verify the values in your running SAP CC systems before to use the reset command.

 
SAP CC 4.1 © Copyright 2016 SAP SE or an SAP affiliate company. All rights reserved.