How to specify UBroker cipher suite and ssl protocols

How to set AppServer Broker cipher suite and cryptographic protocols.
Where to specify the protocols and ciphers that an AppServer enabled for SSL or TLS will support.
How to limit which SSL ciphers the UBroker can use.

Configuring Broker cipher suite and cryptographic protocols.

1. To configure a the UBroker to only accept secure protocols and allow a restricted set of Cipher Suites update the <DLC>/properties/ubroker.properties with the following Environment Variables under the UBroker's Environment section, where entries are comma separated:

For instance, test the client by configuring the server to only allow a restricted set of GCM Cipher Suites SHA256 available since TLS 1.2:

[Environment.asbroker1]
PSC_SSLSERVER_PROTOCOLS=TLSv1.2
PSC_SSLSERVER_CIPHERS=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

2. The SSL algorithm list to use in arbitrating an SSL Session with the SSL client can be defined with the sslAlgorithms parameter:

[UBroker.AS.asbroker1]
...
    environment=asbroker1
    sslAlgorithms=AES128-SHA256:AES256-SHA256:DHE-RSA-AES128-SHA256:AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:ADH-AES128-GCM-SHA256:ADH-AES256-SHA256

To use the 256 bit AES Ciphers, it is necessary to install JCE Unlimited Strength Jurisdiction Policy Files:

• https://www.oracle.com/java/technologies/javase-jce8-downloads.html   

The following Articles provide useful quick reference and additional information:

• Ciphers supported by OpenEdge  
• What streams can be encrypted in an OpenEdge environment when using the Classic AppServer ?
• How to set Client SSL Protocols and Ciphers in OpenEdge   
• Identifying what SSL/TLS ciphers a server supports.   

Cryptographic Protocols and Ciphers supported by OpenEdge are published since the OpenEdge 11.6 version: