Configuring extended settings
- Select Administration > Extended Settings.
- Specify this information:
- Max. waiting time for the end of file transfers during COM-Server shut down (in sec)
- If a data transfer is still being executed when the COM server is shut down, it is estimated if the transfer can be completed during the interval that you specify in this field. If possible, the COM server waits for the completion of the data transfer during the corresponding interval. If it cannot be completed during the specified interval, the transfer is cancelled. If there is no ongoing data transfer, the COM server is shut down immediately.
- DEFAULT_DSN for outbound transmission orders via makeq_tcp, if defined and no DSN is set at creation
- When you use makeq_tcp without using DSN as a parameter, select this check box to use the partner’s outgoing DEFAULT_DSN, if it is available. The outdated makeq_tcp call without DSN may thus be used with OFTP2 file encryption.
- Reject zero byte files on receipt (only OFTP)
- Files with a size of zero bytes are rejected with an SFNA by the OFTP receiving system.
- Show mandatory field 'Category' in Partner Management->Outbound DSL
- Category is used as a mandatory field for outgoing DSN in partner administration. This field can be used as a possible selection criterion when you use the HTTP adapter.
- Specific TLS/SSL parameter for any communication (expert mode)
- Select this check box to activate the TLS/SSL Parameter button, which
allows you to configure some global TLS/SSL security parameters,
like Cipher Suite or TLS/SSL Protocol, for all types of
communication that use TLS/SSL.Note: If this option is selected, non-standard parameters are set by default.
- Keep Alive time for AutoEx session (in sec)
- Specify a timeout period in seconds after which the user session is terminated automatically.
- Click TLS/SSL Parameter.
-
Specify this information:
- TLS/SSL Cipher Suite Filter (remove weak or not usable)
- TLS/SSL cipher suites are combinations of encryption and
signing processes. From the TLS/SSL cipher suites that are offered
by Java, the ones that can not be used for technical reasons or are
weakly encrypted from a security perspective are filtered out.
You can delete filter entries to approve cipher suites, and you can define additional filters with the help of Regular Expressions. The syntax follows the syntax of java/util/regex/pattern.
See: http://docs.oracle.com/javase/7/docs/api/java/util/regex/Pattern.html.
A period represents any character, and an asterisk represents any number of characters. The specifically provided cipher suites are determined by the Java version and can be viewed in the Possible TLS/SSL Parameter on Server section for the server if the COM server or DMZ proxy is running and available.
- Sort order of TLS/SSL ciphers by classes, Sort TLS/SSL Cipher Suite inside this class
- You can continue sorting the filtered cipher suites here, that
is, you can define the preferred order for the cipher suites that
are offered by TLS/SSL. You can achieve this by sorting the classes.
First, the cipher suites are separated according to the first
Sort Order
Class. Start with the first criterion line. A
certain number of ciphers according to this condition is displayed,
together with others. Afterwards, the remaining ones are sorted
according to the second criterion, if available. You can repeat this
procedure until you reach the last criterion.
Then the existing classes are continuously separated according to the second Sort Order Class. If all criteria, that is lines, have been considered, you can continue with the next class. This procedure is used until you reach the last Sort Order Class. Finally the ciphers from the classes are packed into a list in the order according to the classes and subclasses. The new ciphers of future Java versions are thus considered automatically. The sorting criteria are entered as a list of Regexp expressions. See Sort TLS/SSL Cipher Suite inside this class. The syntax corresponds to the one of the TLS/SSL Cipher Suite Filter. Modifications are immediately displayed in Possible TLS/SSL Parameter on Server, if the COM server or the DMZ proxy are running.
Click Plus to add a new Sort Order Class. Use the arrows to modify the class order. You can delete classes by clicking Recycle. Click Enter to insert new criteria (lines) within a class. Use the arrows to change the order of the criteria. You can delete criteria (lines) by clicking Delete.
Sorting example:
Class 1: .*(_DHE_|_ECDHE_).* // Cipher with DHE and ECDHE, i.e. ciphers with Perfect Forward Secrecy first. Class 2: .*_AES_512_.* .*_AES_256_.* .*_AES_128_.* .*_3DES_.* // Prefer Ciphers with symmetrical AES encryption. The long keys are preferred to the short ones. Class 3: .*_SHA512 .*_SHA384 .*_SHA256 .*_SHA // Prefer ciphers with big signature hash values. Class 4: .*_GCM_.* // Prefer ciphers with block cipher modus GCM to those with CBC modus. Class 5: .*_ECDHE_.* // Prefer ciphers with elliptic curve to those with RSA (within class 1!)
- Description of this class
- Use this field to specify your comments regarding each class.
- Filter to remove TLS/SSL Protocol Level as Server
- Use this filter to delete protocol versions that are considered insecure. This filter applies to the communication systems that function as a server (listener). The syntax follows the TLS/SSL Cipher Suite Filter. You can check the filter result for the protocols by reviewing Result of filtered TLS/SSL Protocol Level as Server.
- Filter to remove TLS/SSL Protocol Level as Client
- Use this filter to delete protocol versions that are considered insecure. This filter applies to the communication systems that function as a client (connection initiator). The syntax follows the one of TLS/SSL Cipher Suite Filter. You can check the filter result for the protocols by reviewing Result of filtered TLS/SSL Protocol Level as Client.
- Available TLS/SSL Parameters for Server
- This section shows the resulting cipher suites based on the corresponding servers, depending on the Java version. You can see which cipher suites are used and how their order and priority are after filters and sorting have been applied. If the server or service is not available, an error message is displayed.
- Result of filtered TLS/SSL Protocol Versions as Server
- The resulting protocol versions are shown. They are based on the corresponding communication servers. This applies to the communication as a server (listener). You can see which protocol versions are used after filtering has been applied. The result is only displayed when the server or service is available.
- Result of filtered TLS/SSL Protocol Level as Client
- The resulting protocol versions are shown. They are based on the corresponding communication servers. This applies to the communication as a client (connection initiator). You can see which protocol versions are used after filtering has been implemented. The result is only displayed when the server or service is available.
- Java Version Used
- The Java version that is used on the corresponding
communications server is displayed.Note: The Java version determines the ciphers and protocols that are available.
- Message of the day
- The message of the day is a message that is displayed on all registered clients.
- Click OK.
-
Use the buttons in the XML Export section and XML Import section to export or
import configuration information.
- XML Export
-
Button Description System Configuration Click this button to export the system configuration to an XML file. All Communication Systems Click this button to export all communication systems to an XML file. All Partners Click this button to export all partners to an XML file. - XML Import
-
Button Description System Configuration Click this button to import the system configuration from an XML file. Communication Systems Click this button to import the communication systems from an XML file. Partners Click this button to import partners from an XML file.
- Click Save.