1. Essentials Guide
  2. Transport Layer Security
  3. Supported Encryption
  4. Suite B and Cipher List Support

Suite B and Cipher List Support

The Oracle Communications Core Session Manager (OCCSM) supports full control of selecting the ciphers that you want to use for Transport Layer Security (TLS). The system defaults to DEFAULT for the Cipher List parameter in the TLS Profile configuration. Oracle recommends that you delete ALL and add only the particular ciphers that you want, choosing the most secure ciphers for your deployment.

To support Suite B, the OCCSM certificate-record configuration includes the following parameters:
  • Key Algor—Public key algorithm. Supports RSA and ECDSA. Default: RSA Security. You must select ECDSA to support suite B.
  • ECDSA Key Size—ECDSA key size. Supports p256 and p384.

Configure the list of ciphers that you want to use from the cipher-list element in the tls-profile configuration. Press Tab to display the list of supported ciphers. One-by-one, you can add as many ciphers as your deployment requires.