How to force Control-M for Advanced File Transfer to use a specific TLS Cipher

Version 1
    Share:|

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    PRODUCT:

    Control-M for Advanced File Transfer


    COMPONENT:

    Control-M/CM for Advanced File Transfer


    APPLIES TO:

    BMC Control-M for Advanced File Transfer



    QUESTION:

    Control-M for Advanced File Transfer might fail to connect to FTP Server when the FTP Server is configured to use specific TLS Ciphers
    How to force Control-M for Advanced File Transfer to use a specific TLS Ciphers?


    ANSWER:

     

    Perform theses steps to configure Control-M for Advanced File Transfer to use a specific TLS Cipher

    To define the default security level on UNIX:

      
       
    1. Navigate to the following location:<Control-M/Agent home directory>/cm/AFT/data/SSL/cert
    2.  
    3. From a text editor (such as vi), open the aft.plc file.
    4.  
    5. Change the value of the provider_options parameter as follow:
      

                  provider_options=SSLProtocol=TLS1,SSLV3CipherSuite=<list of ciphers>

      

                  where <list of ciphers> is the list of ciphers separated by comma. For example:

      

    provider_options=SSLProtocol=TLS1,SSLV3CipherSuite=rsa_with_rc4_128_md5

      
       
    1. Save and close the aft.plc file
      

                NOTE: If you have an instance of the Account utility (ctmaftacc) running, ensure that you close it and open a new instance in order to allow the change to take effect.

    To define the default security level on Windows:

      
       
    1. Navigate to the following location:<Control-M/Agent home directory>/cm/AFT/data/SSL/cert
    2.  
    3. Open the aft_plc.reg file in a text editing application (for example, Notepad).
    4.  
    5. Change the provider_option parameter as follows:
      


    provider_options=SSLProtocol=TLS1,SSLV3CipherSuite=<list of ciphers>

    where <list of ciphers> is the list of ciphers separated by comma. For example:

      

    provider_options=SSLProtocol=TLS1,SSLV3CipherSuite=rsa_with_rc4_128_md5
     

      
       
    1. Save and close the aft_plc.reg file. Double-click the aft_security_level.reg file to run it.
    2.  
    3. A message is displayed prompting you that you are about to update the registry.
    4.  
    5. Click Yes.
    6.  
    7. When a further message is displayed prompting you that the registry has been updated, click OK again.
    8.  
    9. Restart Control-M/Agent services..

     


    Article Number:

    000028038


    Article Type:

    FAQ/Procedural



      Looking for additional information?    Search BMC Support  or  Browse Knowledge Articles