Configuring cipher list in Unica Campaign

Prerequisite: Unica Campaign must be configured with SSL.

If Unica Campaign application and Listener are configured with SSL options as TRUE, then by default 98 ciphers are supported to enable the SSL communication between Unica Campaign application(Server) and listener.

To disallow weak ciphers from this default cipher list, users can use <SSLCipherList> tag or property in config.xml file.

To remove support of weak ciphers, users must add the following line in config.xml file. It specifies that support to default ciphers excludes AES256-SHA, CAMELLIA256-SHA, AES128-SHA, SEED-SHA, CAMELLIA128-SHA, DES-CBC3-SHA, IDEA-CBC-SHA.

<property name="SSLCipherList"><value>DEFAULT:!AES256-SHA:!CAMELLIA256-SHA:!AES128-SHA:!SEED-SHA:!CAMELLIA128-SHA:!DES-CBC3-SHA:!IDEA-CBC-SHA</value></property>

This disables the above-mentioned ciphers, which are included in <SSLCipherList> tag of config.xml file.

If clients or users do not mention the SSLCipherList tag in config.xml file, then the default cipher list is considered and 98 ciphers are supported.

Note: The listener will not start and the following errors are generated in unica_aclsnr.log file, if users or clients disable any cipher which is required by certificate or browser.

Error enabling SSL connection.

SOCKET BIND port=4664: ERRNO 10048: Unknown error