(Optional) Configure JDK to Use the Unlimited Strength Java Cryptography Jars

PPM supports control over the encryption suites used by its SSL (TLS) sockets. This can be specified by the server configuration parameter SSL_ENCRYPTION_SUITES.

The value for this parameter should contain a comma-separated list of the encryption suites to be made available to PPM Centre. These should be specified using the standard SSL/TLS cipher suite names.

For example, to specify that PPM should only establish connections using the TLS_DHE_RSA_WITH_AES_256_CBC_SHA cipher suite:

com.kintana.core.server.SSL_ENCRYPTION_SUITES=TLS_DHE_RSA_WITH_AES_256_CBC_SHA

If using AES256 or similarly strong encryption, the JDK used by both PPM and the client must be configured to use the unlimited strength Java cryptography jars, if this is permissible in your jurisdiction and under US export laws.

Note: The SSL_ENCRYPTION_SUITES parameter only impacts the encryption algorithm used for RMIS traffic. There is no impact on HTTPS (SSL) encryption, nor on how the passwords and sensitive data are encrypted in PPM.

To configure your JDK to use the unlimited strength Java cryptography jars,

  1. Go to http://www.oracle.com/technetwork/java/javase/downloads/index.html.

  2. Extract the downloaded zip package.