When configuring SSL for the MDEX Engine and Forge, you should specify a cipher string to indicate which type of cryptographic algorithm will be used.
You set this cipher string in the cipher element when you provision the components, either in a provisioning file or in Endeca Workbench.
Keep in mind that the cipher string specifies the minimum-strength cryptographic algorithm that you want to use. If, during the SSL negotiation between components, the Endeca system determines that a stronger algorithm is needed, it automatically uses a stronger cipher suite. For example, if you specify the AES128-SHA cipher string, the system may actually use the stronger AES256-SHA cryptographic algorithm to make the SSL connection.
If you omit the cipher element, the SSL software will try to obtain a working cryptographic algorithm from its internal list of ciphers, starting with the AES256-SHA cipher. To make sure that you get the exact cryptographic algorithm that you want, you should specifically set it via the cipher element.
Some of the available cipher strings are listed in the following table.
Cipher string | Resulting cryptographic algorithm |
---|---|
AES128-SHA | KeyExchange=RSA, Authentication=RSA, Encryption=AES (128-bit), MessageDigestHash=SHA-1 |
AES256-SHA | KeyExchange=RSA, Authentication=RSA, Encryption=AES (256-bit), MessageDigestHash=SHA-1 |
DES-CBC3-SHA | KeyExchange=RSA, Authentication=RSA, Encryption=3DES (168-bit), MessageDigestHash=SHA-1 |
RC4-SHA | KeyExchange=RSA, Authentication=RSA, Encryption=RC4 (128-bit), MessageDigestHash=SHA-1 |
RC4-MD5 | KeyExchange=RSA, Authentication=RSA, Encryption=RC4 (128-bit), MessageDigestHash=MD5 |
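
Because the provisioned cipher string is only a minimum, it is worth checking which suite a connection actually ended up with. The following added example (not Endeca code) parses cipher descriptions in the layout printed by openssl ciphers -v into the fields of the table above and classifies a negotiated suite against the provisioned cipher string. The sample lines are constructed, the function names are hypothetical, and comparing strength by encryption key size is an assumption of this example.

```python
import re

# Constructed sample in the layout printed by `openssl ciphers -v`
# (not captured from an Endeca host).
SAMPLE = """\
AES256-SHA    SSLv3 Kx=RSA Au=RSA Enc=AES(256)  Mac=SHA1
AES128-SHA    SSLv3 Kx=RSA Au=RSA Enc=AES(128)  Mac=SHA1
DES-CBC3-SHA  SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
RC4-SHA       SSLv3 Kx=RSA Au=RSA Enc=RC4(128)  Mac=SHA1
RC4-MD5       SSLv3 Kx=RSA Au=RSA Enc=RC4(128)  Mac=MD5
"""

LINE = re.compile(
    r"^(?P<name>\S+)\s+(?P<proto>\S+)\s+Kx=(?P<kx>\S+)\s+Au=(?P<au>\S+)"
    r"\s+Enc=(?P<enc>[^\s(]+)\((?P<bits>\d+)\)\s+Mac=(?P<mac>\S+)\s*$"
)

def parse_ciphers(text):
    """Map cipher string -> dict of the fields shown in the table above."""
    suites = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank or unrecognised lines
        d = m.groupdict()
        d["bits"] = int(d["bits"])
        suites[d.pop("name")] = d
    return suites

def check_negotiated(configured, negotiated, suites):
    """Classify the negotiated suite against the provisioned cipher element.
    configured is None when the cipher element was omitted.
    Strength is compared by encryption key size (assumption of this example).
    """
    if negotiated not in suites or (configured is not None and configured not in suites):
        return "unknown"              # a name this table cannot describe
    if configured is None:
        return "unpinned"             # element omitted: the SSL software chose
    if negotiated == configured:
        return "exact"
    if suites[negotiated]["bits"] > suites[configured]["bits"]:
        return "stronger"             # e.g. AES128-SHA provisioned, AES256-SHA used
    return "weaker-or-different"      # not above the provisioned minimum: investigate

if __name__ == "__main__":
    table = parse_ciphers(SAMPLE)
    print(check_negotiated("AES128-SHA", "AES256-SHA", table))
```

An "unpinned" result corresponds to the omitted cipher element described above, where setting the element explicitly is the way to get the exact algorithm you want.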