The SSL protocol supports a variety of different cryptographic algorithms, or ciphers, for use in operations such as authenticating the server and client to each other, transmitting certificates, and establishing session keys. The cipher suite that SSL uses to connect determines whether any authentication will take place.
Exercise caution when selecting cipher suites. Each application must enable only those cipher suites that provide the minimum security needed by the node. SSL uses the most secure cipher suites supported by both the client and server. If low security cipher suites are enabled, a third party client can force the server to use the less secure cipher suites by publishing support for only the least secure cipher suite during cipher suite negotiation.
SSL can be operated in the following modes.
Encryption only, no authentication – Connections are encrypted. However, SSL does not authenticate the applications that are connecting.
Server Authentication – Clients authenticate the server to which they are connecting.
Server and Client Authentication – Both the client and server authenticate each other.
During the installation, when you select to use SSL to secure communications between applications, you are prompted to select the cipher suite to use. The cipher suite value is stored in net.ssl.cipher.suites in the config.properties file. The cipher suite value is set to the following value based on the selection you make.
If you select encryption, no authentication, the cipher suite is set to SSL_DH_anon_WITH_3DES_EDE_CBC_SHA.
If you select authentication with encryption, the cipher suite is set to SSL_RSA_WITH_3DES_EDE_CBC_SHA.
For lists of SSL cipher suites that do and do not require server authentication, see SSL Cipher Suites. You can configure client authentication only for cipher suites requiring server authentication.