SSL Client Configuration

You can specify SSL parameters for the HTTP client shared resource here.

SSL Client Configuration

The General section in the SSL Client Configuration has the following fields.

Field Description
Package The name of the package in which you want to create a shared resource.
Name The name of the shared resource.
Description A short description of the shared resource.

Basic SSL Client Configuration

This section has the following fields.

Field Module Property Description
Keystore Provider As Trust Store No The name of a keystore provider resource instance that maintains a keystore that confirms an identity.
Enable Mutual Authentication No Indicates whether the client in the SSL connection authenticates to the server. Select this checkbox to enable the identity fields.
Identity Store Provider No The name of the keystore provider resource that maintains a keystore used to assert an identity.
Key Alias Name Yes The name of the alias used to access the identity.
Key Alias Password Yes The password for the alias.

Advanced Client SSL Configuration

This section contains the following fields.

Field Module Property Description
SSL Security Provider Yes Optional. The SSL security provider.
Note: This is the name for the JSSE's cryptographic provider implementing SSLContext. If you are using non-default providers, such as PDCS#11, you might want to override it.
SSL Protocol No The SSL protocol to use in the SSL connection:
  • TLSv1
  • TLSv1.1
  • TLSv1.2
  • TLSv1.3
  • SSLv3 - Use of this protocol is discouraged.

The default value is TLSv1.2.

Selecting a protocol implies the support of higher versions as well.

Note:
  • TSLv1.3 as SSL Protocol is supported for HTTP, REST, SOAP, Mail, and TCP Palettes.
  • TLSv1.3 supports only RSA certificates.
SSL Cipher Class No The number of bits in the key used to encrypt data:
  • No Exportable Ciphers
  • All Ciphers
  • At Least 128 Bit
  • More Than 128 Bit
  • At Least 256 Bit
  • FIPS Ciphers
  • Explicit Ciphers

The greater the number of bits in the key (cipher strength), the more possible key combinations and the longer it takes to break the encryption.

The default is At Least 128 Bit.

Explicit Cipher List Yes A list of ciphers. Enabled when SSL Cipher Class is set to Explicit Ciphers. Use the JSSE format for ciphers names.
Verify Remote Host name No Indicates whether the name on the server's certificate must be verified against the server's host name. If the server's host name is different than the name on the certificate, the SSL connection fails. The name on the certificate can be verified against another name by specifying Expected Remote Hostname.

Selecting this checkbox displays the Expected Remote Hostname field.

Default: This checkbox is deselected.

Expected Remote Hostname Yes Optional. The expected name of the remote host.

The default is None.