How do I configure which ciphers, hashes, MACs, etc. my Diplomat software uses for SSL or SSH communications?
Starting with Diplomat v8.1.1, in Enterprise and Standard Editions, you can specify these options in a “properties file”, which is simply a text file of name/value pairs. When Diplomat first executes any transaction that requires SSL/TLS or SSH, it consults the properties file for the configured values.
If no properties file is present, Diplomat will use default values.
The file must be named diplomat.custom.properties, and it must exist in C:\ProgramData\Coviant Software\Diplomat-j (or ..\Diplomat-trial for the trial version of our software).
The installer deploys a copy of this file into C:\Program Files\Coviant Software\Diplomat-j (or Diplomat-trial) for you to edit and place into the proper folder. If you do not create a copy in the proper ProgramData folder, changing the file in its original location will have no effect. Alternatively, you can download the file from this KB article and save it directly to the proper ProgramData folder.
The file that we provide includes a complete listing of all available options in commented lines. Commented lines start with the comment character #, and are ignored by the configuration reader. To edit the file, remove the comment character from the lines of items you want to enable, or add the comment character in front of the lines you want to disable.
Once you have successfully saved any settings, you must restart the Diplomat MFT 64 service for the changes to take effect.
- Protocols: TLSv1.2
- Cipher Suites: TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
- Protocols: TLSv1.2 TLSv1.1
- Cipher Suites: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256
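Before restarting the service, it helps to review which protocol versions and cipher suites are actually left uncommented. The script below is an added example, not part of the original article or of Diplomat: it reads a properties file, skips the # comment lines, and flags deprecated protocol versions, suites whose key exchange gives no forward secrecy, and CBC-mode suites. The key names in the sample (ssl.protocols, ssl.cipherSuites) are hypothetical, and it assumes values are separated by spaces or commas.

```python
import re

# Constructed sample file. The key names are hypothetical, not Diplomat's own.
SAMPLE = """\
# ssl.protocols=TLSv1.2 SSLv3
ssl.protocols=TLSv1.2 TLSv1.1
ssl.cipherSuites=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
"""

DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # RFC 6176, 7568, 8996


def active_pairs(text):
    """Yield (name, value) for every line that is not blank or a '#' comment."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        yield name.strip(), value.strip()


def suite_findings(suite):
    """Classify a cipher suite from its standard name alone."""
    notes = []
    kx, sep, _cipher = suite[len("TLS_"):].partition("_WITH_")
    # TLS 1.3 names have no "_WITH_" part and always use ephemeral key exchange.
    if sep and not kx.startswith(("DHE_", "ECDHE_")):
        notes.append("no forward secrecy")  # static RSA or static (EC)DH
    if "_CBC_" in suite:
        notes.append("CBC mode (not AEAD)")
    return notes


def audit(text):
    """Return {token: [findings]} for every enabled value worth a second look."""
    findings = {}
    for _name, value in active_pairs(text):
        for token in re.split(r"[\s,]+", value):
            if token in DEPRECATED:
                findings[token] = ["deprecated protocol version"]
            elif token.startswith("TLS_") and suite_findings(token):
                findings[token] = suite_findings(token)
    return findings


if __name__ == "__main__":
    for token, notes in audit(SAMPLE).items():
        print(f"{token}: {', '.join(notes)}")
```

To check a real file, pass the contents of the diplomat.custom.properties copy in the ProgramData folder to audit() in place of SAMPLE.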