Cipher Suites

Configuring ciphers

It is possible to configure the ciphers used by various secure communication enabled features in both BVR and BRM such as Secure SIP, the CCMXL HTTPS server and the Web API. These are configured with a ciphers.ini file which is by default:

Any unsupported ciphers specified in these files will be ignored. The files can be commented by having the first non-whitespace character of a line be the # character. The order of the cipher suites in ciphers.ini determines the order of preference (where the higher preference is at the top of the list).

In order for 2 entities to communicate securely, they must both support the same cipher suites. The entity acting as the server will pick the first common cipher suite that matches. This is usually based on the client's order of preference. For example, if a softphone using secure SIP calls into BVR, the softphone's order of preference is used. If BVR is acting as the client and making a call out to another SIP phone, the SIP phone may pick based on BVR's order of preference or its own - that is up to the server side's implementation. This is why it is recommended that the list of cipher suites is limited to only cipher suites that fulfil your network's security requirements.

The location of the cipher suite file used by BVR, BRM and BAM is configured using the cipher_suites_file configuration option described in Security Configuration Options, Security Configuration Options and/or Security Configuration Options.

Secure SIP has its own cipher suite file configuration option which is set in SIP Security Configuration Options