Change the default protocols and ciphers for Progress OpenEdge servers

You can set the protocol and the cipher for the following server components:

  • OpenEdge Database Server: In the startup script of the server application, export the following environment variables.
    Property                  Description
    PSC_SSLSERVER_PROTOCOLS   Accepts the cryptographic protocol that is set for the database server instance.
    PSC_SSLSERVER_CIPHERS     Accepts the valid cryptographic cipher that is set for the database server instance.
    Once you export the variables, invoke a database server executable and start a session for the client application to use the set protocols and ciphers.
  • OpenEdge RDBMS: In the ubroker.properties file (available at <OpenEdge-install-directory>/properties), you can set the following environment variables:
    Property                  Description
    PSC_SSLSERVER_PROTOCOLS   Accepts the cryptographic protocol that is set for the instance.
    PSC_SSLSERVER_CIPHERS     Accepts the valid cryptographic cipher that is set for the instance.
  • MS SQL Server: In the ubroker.properties file (available at <OpenEdge-install-directory>/properties), you can set the following environment variables:
    Property                  Description
    PSC_SSLSERVER_PROTOCOLS   Accepts the cryptographic protocol that is set for the instance.
    PSC_SSLSERVER_CIPHERS     Accepts the valid cryptographic cipher that is set for the instance.
  • OpenEdge Management:
    • WebServer: In the fathom.properties file (available at $OEMgmt/conf), you can set the following properties:
      Property Description
      HttpsEnabled

      Enables you to change the cryptographic protocols and ciphers for secure communication with a WebServer. If you enable TLS for the WebServer in OpenEdge Management, this property is set to true.

      SSLEnabledProtocols

      If you want to change the default cryptographic protocol for the WebServer, enter this property in the fathom.properties file. The property accepts a comma-separated list of valid cryptographic protocols that are set for secure communication.

      SSLEnabledCipherSuites

      If you want to change the default cryptographic ciphers for the WebServer, enter this property in the fathom.properties file. The property accepts a comma-separated list of valid cryptographic ciphers that are set for secure communication.

      Additionally, in the fathom.init.params file (available at $DLC), you can set the property ssl.KeyManagerFactory.algorithm=IbmX509.

      Note: You can set the ssl.KeyManagerFactory.algorithm=IbmX509 property only on AIX, AIX (64-bit), and LinuxPPC systems.
    • Email alerts configuration: In the fathom.properties file (available at $OEMgmt/conf), you can set the following properties:
      Property Description
      SmtpSSLEnabledProtocols

      If you want to change the default cryptographic protocol for the email alerts configuration, enter this property in the fathom.properties file. The property accepts a comma-separated list of valid cryptographic protocols that are set for secure communication.

      SmtpSSLEnabledCipherSuites

      If you want to change the default cryptographic ciphers for the email alerts configuration, enter this property in the fathom.properties file. The property accepts a comma-separated list of valid cryptographic ciphers that are set for secure communication.
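
One way to review the fathom.properties settings described above is to check the comma-separated lists for deprecated protocols and weak cipher suites. This is an added example, not Progress code; it assumes plain key=value lines and Java-style protocol and cipher suite names, and the sample values, weak-marker list and function names are constructed for illustration.

```python
# Added audit example: property names come from the page; sample values are constructed.
PROTOCOL_KEYS = ("SSLEnabledProtocols", "SmtpSSLEnabledProtocols")
CIPHER_KEYS = ("SSLEnabledCipherSuites", "SmtpSSLEnabledCipherSuites")
# Assumption: Java-style protocol names; anything older than TLS 1.2 is flagged.
DEPRECATED_PROTOCOLS = {"sslv2hello", "sslv2", "sslv3", "tlsv1", "tlsv1.0", "tlsv1.1"}
# Assumption: substrings that mark a cipher suite as weak.
WEAK_MARKERS = ("NULL", "ANON", "EXPORT", "RC4", "DES", "MD5")

# Constructed sample input (assumed plain key=value layout), not a real installation.
SAMPLE = """\
# fathom.properties (constructed)
HttpsEnabled=true
SSLEnabledProtocols=TLSv1,TLSv1.2
SSLEnabledCipherSuites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_RSA_WITH_RC4_128_MD5
SmtpSSLEnabledProtocols=TLSv1.2
"""

def parse_properties(text):
    """Return {key: [values]} from key=value lines, splitting comma-separated lists."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#![" or "=" not in line:
            continue  # skip blanks, comments, section headers
        key, _, value = line.partition("=")
        props[key.strip()] = [v.strip() for v in value.split(",") if v.strip()]
    return props

def audit(text):
    """Return (property, value, reason) findings for the TLS settings in text."""
    props = parse_properties(text)
    findings = []
    if [v.lower() for v in props.get("HttpsEnabled", [])] != ["true"]:
        findings.append(("HttpsEnabled", "", "not true: TLS is not enabled for the WebServer"))
    for key in PROTOCOL_KEYS + CIPHER_KEYS:
        if not props.get(key):
            findings.append((key, "", "not set: the default applies"))
            continue
        for value in props[key]:
            if key in PROTOCOL_KEYS and value.lower() in DEPRECATED_PROTOCOLS:
                findings.append((key, value, "deprecated protocol"))
            elif key in CIPHER_KEYS and any(m in value.upper() for m in WEAK_MARKERS):
                findings.append((key, value, "weak cipher suite"))
    return findings

if __name__ == "__main__":
    for prop, value, reason in audit(SAMPLE):
        print(f"{prop}: {value or '-'} ({reason})")
```

An unset property is reported rather than treated as safe, because the server then falls back to its defaults, which this check cannot see.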