4.4 Supported Cipher Suites

TLS 1.3 supports the following cipher suites:
  • TLS_AES_128_GCM_SHA256
  • TLS_AES_256_GCM_SHA384
  • TLS_CHACHA20_POLY1305_SHA256
  • TLS_AES_128_CCM_SHA256
  • TLS_AES_128_CCM_8_SHA256

TLS 1.2 supports the following cipher suites:
  • TLS_RSA_WITH_AES_256_CBC_SHA256
  • TLS_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_RSA_WITH_AES_128_CBC_SHA256
  • TLS_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

The JDK determines the default cipher suites for the JOLT client. Use the Java property bea.jolt.tls.ciphersuites to customize the cipher suites used by the JOLT client. To customize the cipher suites for other Tuxedo components, use the environment variable TM_CIPHERSUITES.

Note:

To enable elliptic curve cipher suites such as TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 and TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, apply the following to the Tuxedo component that acts as a TLS client and/or server:
  1. Generate an Oracle Wallet that contains elliptic curve keys and certificates, and configure it. For example, the following command generates an elliptic curve private key: openssl ecparam -name prime256v1 -genkey
  2. Set the environment variable TM_MIN_PUB_KEY_LENGTH=0
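
When choosing which of the suites listed above to keep in a customized list, it helps to see which ones give forward secrecy, which are AEAD, and which certificate key type the wallet must hold (the elliptic curve note above applies to the key=ECDSA rows). The following script is an added example, not Oracle code; the function names are hypothetical, and suite names are passed as separate arguments because the value syntax of TM_CIPHERSUITES and bea.jolt.tls.ciphersuites is not given here.

```shell
# Added example: classify cipher suite names taken from the lists above.
SUPPORTED="
TLS_AES_128_GCM_SHA256 TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256
TLS_AES_128_CCM_SHA256 TLS_AES_128_CCM_8_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"

is_supported() {
    for x in $SUPPORTED; do if [ "$x" = "$1" ]; then return 0; fi; done
    return 1
}

# Prints: <name> <protocol> fs=<yes|no> aead=<yes|no> key=<RSA|ECDSA|any>
classify_suite() {
    if ! is_supported "$1"; then echo "$1 unsupported"; return 1; fi
    case $1 in
        # ECDHE is an ephemeral exchange; next token is the certificate key type.
        TLS_ECDHE_ECDSA_WITH_*) proto=TLS1.2 fs=yes key=ECDSA ;;
        TLS_ECDHE_RSA_WITH_*)   proto=TLS1.2 fs=yes key=RSA ;;
        # Static RSA key exchange: no forward secrecy.
        TLS_RSA_WITH_*)         proto=TLS1.2 fs=no key=RSA ;;
        # TLS 1.3 names carry only AEAD and hash; certificate handshakes use (EC)DHE.
        *)                      proto=TLS1.3 fs=yes key=any ;;
    esac
    case $1 in
        *_CBC_*) aead=no ;;   # CBC with HMAC is not an AEAD construction
        *)       aead=yes ;;  # GCM, CCM, ChaCha20-Poly1305
    esac
    echo "$1 $proto fs=$fs aead=$aead key=$key"
}

# Returns non-zero if any name is unsupported, lacks forward secrecy or
# is not AEAD. Names are passed as separate arguments.
audit_list() {
    rc=0
    for s in "$@"; do
        line=$(classify_suite "$s") || rc=1
        echo "$line"
        case $line in *fs=no*|*aead=no*) rc=1 ;; esac
    done
    return $rc
}

# Constructed sample list, not a recommended configuration.
audit_list TLS_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_256_CBC_SHA256 \
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 || echo "review flagged suites"
```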