Suite B and Cipher List Support

The Oracle® Enterprise Session Border Controller (E-SBC) supports full control of selecting the ciphers that you want to use for Transport Layer Security (TLS). The system defaults to ALL for the Cipher List parameter in the TLS Profile configuration. Oracle recommends that you delete ALL and add only the particular ciphers that you want, choosing the most secure ciphers for your deployment.

To support Suite B, the E-SBC certificate-record configuration includes the following parameters:
  • key-algor—Public key algorithm. Supports RSA and ECDSA. Default: RSA Security. You must select ECDSA to support suite B.
  • ecdsa-key-size—ECDSA key size. Supports p256 and p384.

Configure the list of ciphers that you want to use from the cipher-list element in the tls-profile configuration. Press Tab to display the list of supported ciphers. One-by-one, you can add as many ciphers as your deployment requires. TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 and TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 are suite B-based ciphers.

Previous
Previous 		Next
Next
Go To Table Of Contents
Contents