POM uses a set of cipher suites that might not be supported by the Java implementation installed on the application server. This includes the cipher suites that use AES_256 and require installation of the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files. To use a stronger algorithm, obtain the JCE Unlimited Strength Jurisdiction Policy Files and install it in the JDK/JRE.
Note:
It is the responsibility of the customer to verify that this action is permissible under local regulations. If not, customer can remove the unsupported ciphers from the connector in the server.xml of Apache Tomcat. Customers can also use the default ciphers of the installed Java implementation by removing the ciphers attribute from the connector element of $APPSERVER_HOME/conf/server.xml. For more information, see Troubleshooting Avaya Proactive Outreach Manager.
For WebSphere, POM uses the default cipher suites provided by the IBMJSSE2 provider. However, if the customer wants to use specific cipher suites, then the customer must configure the enabledCiphers property in the WASConfig.properties file and set those ciphers suites as comma separated values.
For example: enabledCiphers=TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_RSA_WITH_AES_256_CBC_SHA256.
For more information, see the following Java Implementation links:
If there is a mismatch between configured ciphers on the application server and the supported ciphers by the underlying Java implementation, application server logs display the following exception:
java.lang.IllegalArgumentException: Cannot support <Unsupported Cipher name> with currently installed providers.
