Suite B and Cipher List Support

The Oracle Communications Session Border Controller (OCSBC) supports full control of selecting the ciphers that you want to use for Transport Layer Security (TLS). The system defaults to DEFAULT for the Cipher List parameter in the TLS Profile configuration. Oracle recommends that you delete ALL and add only the particular ciphers that you want, choosing the most secure ciphers for your deployment.

To support Suite B, the OCSBC certificate-record configuration includes the following parameters:
  • key-algor—Public key algorithm. Supports RSA and ECDSA. Default: RSA Security. You must select ECDSA to support suite B.
  • ecdsa-key-size—ECDSA key size. Supports p256 and p384.

Configure the list of ciphers that you want to use from the cipher-list element in the tls-profile configuration. Press Tab to display the list of supported ciphers. One-by-one, you can add as many ciphers as your deployment requires.

Previous
Previous 		Next
Next
Go To Table Of Contents
Contents