Skip to content
CA API Gateway - 9.3
Documentation powered by DocOps

Selecting Cipher Suites

Last update January 21, 2019

The Cipher Suite Configuration dialog is used to specify which outbound TLS cipher suites you want to enable on the CA API Gateway for a specific target host.

To select cipher suites to use:

  1. You can select which cipher suites to enable in any of the following areas:
    • Click [Cipher Suites] on the Edit HTTP Options dialog. For more information, see "Add an HTTP Option" under Manage HTTP Options.
    • Click [Cipher Suites] on the [Connection] tab of the HTTP(S) Routing Properties. For more information, see "Configuring the [Connection] Tab" under Route via HTTP(S) Assertion.
    • Select the [SSL/TLS Settings] tab of the Listen Port Properties.

    • Click [Cipher Suites] on the WebSocket Connection Properties dialog, in either the Inbound or Outbound tabs. For more information, see Manage WebSocket Connections.

    • Select Use SSL option and click [Cipher Suites] on the Cassandra Connection Properties.  For more information, see Manage Cassandra Connections.
    The Enabled Cipher Suites dialog is displayed, listing the suites recognized by the CA API Gateway. Note that the cipher suites visible to you depend on the security configuration of your Gateway. 
  2. Specify the order of the cipher suites to use:
    • Select one or more lines and use [Move Up] and [Move Down] to reorder the cipher suites.
    • Select [Uncheck All] to quickly remove all selections so that you can specify the suite(s) you want to use.
    • Select [Use Default List] to reset the list to the default set of cipher suites. Thedefaultsuites are those that are least likely to cause compatibility issues with target servers.
    • Filter the cipher suite list by typing into the field. Tip: The search is not case sensitive.

  3. Click [OK] when done.
Was this helpful?

Please log in to post comments.

  1. Venkat Bharadwaj
    2019-01-02 05:46

    Hi Team,

    The 9.2 version has a List of supported suites like below: https://docops.ca.com/ca-api-gateway/9-2/en/security-configuration-in-policy-manager/tasks-menu-security-options/manage-http-options/selecting-cipher-suites

    But this page does not contain the list of "supported cipher suites" Does this mean the list for 9.2 implies for 9.3 version also?

    1. Malathi Bondili
      2019-01-21 05:08

      Hi Venkat:

      I'm discussing the reason for this change between 9.2 and 9.3 versions with the Engineering team. I'll get back to you with an update.

      1. Malathi Bondili
        2019-01-21 05:45

        Hi Venkat:

        As all the supported cipher suites are listed in the Policy Manager itself, we stopped duplicating the list in DocOps. Listing it here might also prone to error every time we update JDK.

        Hope this helps!