CORBA 2.6.1 Administration Guide

example: ssl.TrustManagerFactory.algorithm=SunX509.
The configuration of the truststore is done in the following order:
1. The -ORBprofile values for the entity keys truststore and truststore_pswd.
2. The system properties that may be set on the program command line:
   javax.net.ssl.trustStore
   javax.net.ssl.trustStorePassword
   javax.net.ssl.trustStoreType (optional)
3. $JAVA_HOME/lib/security/jssecerts.
4. $JAVA_HOME/lib/security/cacerts.
OpenSSL Cipher List for Use with ssl_ciphers
The ssl_ciphers protocol key takes values defined by OpenSSL, and these values are passed directly to the SSL_set_cipher_list() function.
Note that these OpenSSL cipher strings are case-sensitive.
The cipher list consists of one or more cipher strings separated by colons. The actual cipher string can take several different forms. It can consist
of a single cipher suite, such as RC4-SHA. Or, the cipher string can represent a list of cipher suites containing a certain algorithm or cipher
suites of a certain type. For example, 3DES represents all cipher suites using triple DES, and SSLv3 represents all SSL v3 algorithms.
Lists of cipher suites can be combined in a single cipher string by using the plus-sign (+) character, which is used as a logical AND
operation. For example, SHA1+DES represents all cipher suites containing both the SHA1 and the DES algorithms.
Each cipher string can be preceded by one of the characters bang (!), minus-sign (-) or plus-sign (+). If bang (!) is used, the ciphers are
permanently deleted from the list. The ciphers deleted may never reappear in the list even if they are explicitly stated. If minus-sign (-) is used,
the ciphers are deleted from the list, but some or all of the ciphers may be added again by other options. If plus-sign (+) is used, the ciphers are
moved to the end of the list. This option does not add any new ciphers; it just moves matching existing ones. If none of these characters are
present, the string is just interpreted as a list of ciphers to be appended to the current preference list. If the list includes any ciphers already
present, they are ignored.
Additionally, the cipher string @STRENGTH can be used at any point to sort the current cipher list in order of the encryption-algorithm key
length.
DHE-RSA-AES256-SHA
DHE-DSS-AES256-SHA
AES256-SHA
EDH-RSA-DES-CBC3-SHA
EDH-DSS-DES-CBC3-SHA
DES-CBC3-SHA
DHE-RSA-AES128-SHA
DHE-DSS-AES128-SHA
AES128-SHA
DHE-DSS-RC4-SHA
ADH-DES-CBC3-SHA
RC4-SHA
RC4-MD5
EXP1024-DHE-DSS-RC4-SHA
EXP1024-RC4-SHA
EXP1024-DHE-DSS-DES-CBC-SHA
EXP1024-DES-CBC-SHA
EXP1024-RC2-CBC-MD5
EXP1024-RC4-MD5
ADH-RC4-MD5
EDH-RSA-DES-CBC-SHA
EDH-DSS-DES-CBC-SHA
DES-CBC-SHA
ADH-DES-CBC-SHA
EXP-EDH-RSA-DES-CBC-SHA
EXP-EDH-DSS-DES-CBC-SHA
EXP-DES-CBC-SHA
EXP-RC2-CBC-MD5
EXP-RC4-MD5
EXP-ADH-DES-CBC-SHA
EXP-ADH-RC4-MD5
NULL-SHA
NULL-MD5
NULL-NULL
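The operator rules described in this section (!, -, +, the + AND form and @STRENGTH) can be traced with a small model before a value is put into ssl_ciphers. This is an added example, not code from this guide or from OpenSSL: the suite table is a constructed subset of the list above with assumed key lengths and selector tags, and matching, expand and weak_suites are hypothetical helper names.

```python
# Simplified model of the cipher-list rules described above (not OpenSSL code).
# Constructed subset: name -> (nominal key bits, cipher strings that select it)
SUITES = {
    "AES256-SHA":   (256, {"AES", "SHA1"}),
    "DES-CBC3-SHA": (168, {"3DES", "SHA1"}),
    "AES128-SHA":   (128, {"AES", "SHA1"}),
    "RC4-SHA":      (128, {"RC4", "SHA1"}),
    "RC4-MD5":      (128, {"RC4", "MD5"}),
    "ADH-RC4-MD5":  (128, {"RC4", "MD5", "ADH"}),
    "DES-CBC-SHA":  (56,  {"DES", "SHA1"}),
    "EXP-RC4-MD5":  (40,  {"RC4", "MD5", "EXP"}),
    "NULL-SHA":     (0,   {"NULL", "SHA1"}),
}

def matching(spec):
    """Suites selected by one cipher string (exact name, or A+B meaning AND)."""
    if spec in SUITES:
        return [spec]
    wanted = set(spec.split("+"))          # case-sensitive, as the guide notes
    return [n for n, (_, tags) in SUITES.items() if wanted <= tags]

def expand(cipher_list):
    """Return the ordered preference list a colon-separated string produces."""
    active, killed = [], set()
    for item in filter(None, cipher_list.split(":")):
        if item == "@STRENGTH":
            active.sort(key=lambda n: -SUITES[n][0])   # stable, longest key first
            continue
        op = item[0] if item[0] in "!-+" else ""
        hit = matching(item[len(op):])
        if op == "!":                      # permanent delete: can never reappear
            killed.update(hit)
        if op in ("!", "-"):               # delete from the current list
            active = [n for n in active if n not in hit]
        elif op == "+":                    # move existing matches to the end only
            active = [n for n in active if n not in hit] + [n for n in active if n in hit]
        else:                              # append, skipping present or killed suites
            active += [n for n in hit if n not in active and n not in killed]
    return active

def weak_suites(cipher_list):
    """Expanded suites with a key under 128 bits, no encryption (NULL),
    export grade (EXP), anonymous key exchange (ADH) or RC4."""
    return [n for n in expand(cipher_list)
            if SUITES[n][0] < 128 or SUITES[n][1] & {"NULL", "EXP", "ADH", "RC4"}]

if __name__ == "__main__":
    for s in ("RC4:!MD5:RC4-MD5", "RC4:-MD5:RC4-MD5", "AES:3DES:NULL:!NULL:@STRENGTH"):
        print(f"{s:30} -> {expand(s)}  weak: {weak_suites(s)}")
```

The first two strings in the demo differ only in ! versus -, which is the difference between RC4-MD5 staying out of the list and being re-added by the later explicit entry.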
Pathsend Protocol
Enable the Pathsend protocol when the object is hosted by a server running in a server pool and you want to use the TS/MP transport
mechanism. The Pathsend protocol is appropriate when your object is associated with a POA that has a stateless policy. By using the stateless
policy and the Pathsend protocol, any process in the server pool can handle a request. To use the protocol you must specify the server's