The MDEX Engine can optionally be configured to require encryption when other components of your Oracle Commerce Guided Search implementation communicate with it.
Encryption is required whenever the the
-sslcertfile option is used with the
dgraph command that starts the MDEX Engine. For
information about the
dgraph command and its options, refer to the
Oracle Commerce Guided Search Administrator's Guide.
Whenever encryption is required, the MDEX Engine and the client with which it is negotiating a connection together choose an appropriate encryption algorithm from Oracle's approved list of algorithms.
However, you may want to limit the available choices to a specific algorithm or algorithms on the approved list. To do this, you can specify the algorithm or algorithms on the command line where encryption algorithms are accepted. If you specify more than one algorithm, the component and the MDEX Engine will negotiate and decide which one to use.
When a Guided Search application uses DSA certificates, all components including Logserver and Dgraphs also use DSA certificates. But if you not specify a cipher, then RSA ciphers are used by default, regardless of whether you use DSA or RSA certificates; for example, AES128-SHA for dgraph and AES128-SHA256 for Logserver. Thus, you must specify a cipher when you use DSA certificates.
You specify the algorithms by their standard names, such as
DHE-RSA-AES256-SHA. If you specify more than one
algorithm, you must separate their names with colons; for example:
DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA.
Each Guided Search component uses its own syntax for accepting
specific algorithms as input. For example, the dgraph command uses the
--sslcipher option, as follows:
dgraph --sslcipher DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA
Note
Oracle strongly recommends that you use one of the approved algorithms listed in Approved Encryption Algorithms. Applications that use algorithms not listed in this appendix are vulnerable to serious breaches of security.
