Configuring HTTPS on AIX systems
The spectrum-advanced.properties file includes properties that are needed for AIX environments using the IBM Java Runtime Environment (JRE) or Java Development Kit (JDK). These properties establish the cipher suites that secure networks that use the TLS protocol.
To setup this environment:
- Remove the escape sequence ^SSL_.*$ from spectrum.https.encryption.excludeCipherSuites in the spectrum-advanced.properties file
- Uncomment spectrum.https.encryption.includeCipherSuites
##########################################################################
# Comma seperated regex expression for the excluded protocols
# Exclude weak / insecure ciphers
# Exclude ciphers that don't support forward secrecy
# The following exclusions are present to cleanup known bad cipher suites
# that may be accidentally included via include patterns.
# Excludes Null patterns
# In case of IBM Java (AIX environment please remove ^SSL_.*$
# from the list)
# spectrum.https.encryption.excludeCipherSuites=^.*_(MD5|SHA|SHA1)$,
# ^TLS_RSA_.*$, ^.NULL.$, ^.anon.$
###########################################################################
spectrum.https.encryption.excludeCipherSuites=^.*_(MD5|SHA|SHA1)$,
^TLS_RSA_.*$, ^.NULL.$, ^.anon.$, ^SSL_.*$
###########################################################################
# Only uncomment in case of IBM JRE/JDK on AIX environment
# Comma separated values for the included cipher suites only in case of
# AIX IBM JRE
# Please remove ^SSL_.*$ from the above list
#(spectrum.https.encryption.excludeCipherSuites)
###########################################################################
# spectrum.https.encryption.includeCipherSuites=^SSL_ECDHE.*$,
# ^SSL_DHE.*$, SSL_RSA.*$, TLS_EMPTY_RENEGOTIATION_INFO_SCSV