Friday, December 4, 2015

Mapping Java WebSphere Cipher Suite Names to IBM Host Cipher Suites

We recently went through an issue at work that required digging into the cipher suite negotiation between a WebSphere client and a web service exposed via CICS. The trickiness of this was based on how these two sides expose their cipher suites to admins. On the Host side, the cipher suites are presented as a string of hex codes identifying the unique cipher IDs. On the WebSphere side, the suites are listed by name -- but the WebSphere cipher suite names do not match up with the cipher suite names in host documentation. I tried for a bit to find a cross reference somewhere on the web but gave up. So I made my own, which I present below. I did this by looking at OpenJDK's CipherSuite.java, which maps the Java cipher suite names to cipher IDs. Then I matched those cipher IDs to the Host cipher suite names. Trivial. This is not a complete list of all available ciphers on these platforms -- it was what we needed for our current problem.
 
As a final bit of fun with names, note that depending on the particular Java you are using, the JAVA names may interchange the three-letter acronyms TLS and SSL. For example, the IBMJSSE2 suite does this. Refer to documentation here: https://www-01.ibm.com/support/knowledgecenter/SSYKE2_7.0.0/com.ibm.java.security.component.71.doc/security-component/jsse2Docs/ciphersuites.html

Hope this helps someone.


| CIPHER ID | CICS NAME | JAVA Name |
|---|---|---|
| 35 | TLS1_RSA_WITH_AES_256_SHA | TLS_RSA_WITH_AES_256_CBC_SHA |
| 36 | TLS1_DH_DSS_WITH_AES_256_SHA | N/A WEBSPHERE |
| 37 | TLS1_DH_RSA_WITH_AES_256_SHA | N/A WEBSPHERE |
| 38 | TLS1_DHE_DSS_WITH_AES_256_SHA | TLS_DHE_DSS_WITH_AES_256_CBC_SHA |
| 39 | TLS1_DHE_RSA_WITH_AES_256_SHA | TLS_DHE_RSA_WITH_AES_256_CBC_SHA |
| 2F | TLS1_RSA_WITH_AES_128_SHA | TLS_RSA_WITH_AES_128_CBC_SHA |
| 30 | TLS1_DH_DSS_WITH_AES_128_SHA | N/A WEBSPHERE |
| 31 | TLS1_DH_RSA_WITH_AES_128_SHA | N/A WEBSPHERE |
| 32 | TLS1_DHE_DSS_WITH_AES_128_SHA | TLS_DHE_DSS_WITH_AES_128_CBC_SHA |
| 33 | TLS1_DHE_RSA_WITH_AES_128_SHA | TLS_DHE_RSA_WITH_AES_128_CBC_SHA |
| 0A | SSL3_RSA_DES_192_CBC3_SHA | SSL_RSA_WITH_3DES_EDE_CBC_SHA |
| 16 | SSL3_EDH_RSA_DES_192_CBC3_SHA | SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA |
| 13 | SSL3_EDH_DSS_DES_192_CBC3_SHA | SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA |
| 10 | SSL3_DH_RSA_DES_192_CBC3_SHA | SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA |
| 0D | SSL3_DH_DSS_DES_192_CBC3_SHA | SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA |
| 09 | SSL3_RSA_DES_64_CBC_SHA | SSL_RSA_WITH_DES_CBC_SHA |
| 15 | SSL3_EDH_RSA_DES_64_CBC_SHA | SSL_DHE_RSA_WITH_DES_CBC_SHA |
| 12 | SSL3_EDH_DSS_DES_64_CBC_SHA | SSL_DHE_DSS_WITH_DES_CBC_SHA |
| 0F | SSL3_DH_RSA_DES_64_CBC_SHA | SSL_DH_RSA_WITH_DES_CBC_SHA |
| 0C | SSL3_DH_DSS_DES_64_CBC_SHA | SSL_DH_DSS_WITH_DES_CBC_SHA |
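
The following is an added example, not part of the original post: it uses the cross reference above to find which suites a host cipher string and a Java client's suite list have in common, treating the TLS_/SSL_ prefixes as interchangeable. It assumes the host string is a run of two-digit hex cipher IDs; the function names and the "-" placeholder for "N/A WEBSPHERE" are made up for the example.

```python
import re
# Rows copied from the table on this page: cipher ID, CICS name, Java name ("-" = N/A WEBSPHERE).
TABLE = """
35 TLS1_RSA_WITH_AES_256_SHA      TLS_RSA_WITH_AES_256_CBC_SHA
36 TLS1_DH_DSS_WITH_AES_256_SHA   -
37 TLS1_DH_RSA_WITH_AES_256_SHA   -
38 TLS1_DHE_DSS_WITH_AES_256_SHA  TLS_DHE_DSS_WITH_AES_256_CBC_SHA
39 TLS1_DHE_RSA_WITH_AES_256_SHA  TLS_DHE_RSA_WITH_AES_256_CBC_SHA
2F TLS1_RSA_WITH_AES_128_SHA      TLS_RSA_WITH_AES_128_CBC_SHA
30 TLS1_DH_DSS_WITH_AES_128_SHA   -
31 TLS1_DH_RSA_WITH_AES_128_SHA   -
32 TLS1_DHE_DSS_WITH_AES_128_SHA  TLS_DHE_DSS_WITH_AES_128_CBC_SHA
33 TLS1_DHE_RSA_WITH_AES_128_SHA  TLS_DHE_RSA_WITH_AES_128_CBC_SHA
0A SSL3_RSA_DES_192_CBC3_SHA      SSL_RSA_WITH_3DES_EDE_CBC_SHA
16 SSL3_EDH_RSA_DES_192_CBC3_SHA  SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
13 SSL3_EDH_DSS_DES_192_CBC3_SHA  SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
10 SSL3_DH_RSA_DES_192_CBC3_SHA   SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA
0D SSL3_DH_DSS_DES_192_CBC3_SHA   SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA
09 SSL3_RSA_DES_64_CBC_SHA        SSL_RSA_WITH_DES_CBC_SHA
15 SSL3_EDH_RSA_DES_64_CBC_SHA    SSL_DHE_RSA_WITH_DES_CBC_SHA
12 SSL3_EDH_DSS_DES_64_CBC_SHA    SSL_DHE_DSS_WITH_DES_CBC_SHA
0F SSL3_DH_RSA_DES_64_CBC_SHA     SSL_DH_RSA_WITH_DES_CBC_SHA
0C SSL3_DH_DSS_DES_64_CBC_SHA     SSL_DH_DSS_WITH_DES_CBC_SHA
"""
BY_ID = {cid: (cics, None if java == "-" else java)
         for cid, cics, java in (ln.split() for ln in TABLE.strip().splitlines())}

def normalize(name):
    # Drop the leading TLS_/SSL_ so names from different JSSE providers compare equal.
    return re.sub(r"^(TLS|SSL)_", "", name)

def parse_host_ciphers(hex_string):
    # Assumption: the host string is concatenated two-digit hex cipher IDs.
    s = hex_string.strip().upper()
    if len(s) % 2 or not re.fullmatch(r"[0-9A-F]*", s):
        raise ValueError("cipher string must be an even number of hex digits")
    return [s[i:i + 2] for i in range(0, len(s), 2)]

def common_suites(hex_string, client_suites):
    # Returns (matches in the host string's order, host IDs missing from the table).
    client = {normalize(n): n for n in client_suites}
    matches, unknown = [], []
    for cid in parse_host_ciphers(hex_string):
        cics, java = BY_ID.get(cid, (None, None))
        if cics is None:
            unknown.append(cid)
        elif java and normalize(java) in client:
            matches.append((cid, cics, client[normalize(java)]))
    return matches, unknown
```

An empty match list with no unknown IDs means the two sides share nothing from this table; IDs reported as unknown are outside this cross reference and need to be looked up separately.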