MLLP (embedded) fields

An embedded MLLP server is available after you add an application pickup or a trading pickup that uses an embedded MLLP server. You can change the server’s settings and advanced options.

To change settings:

  1. Select System management > Manage embedded servers.
  2. Alternatively, you can click Trading configuration on the toolbar, click on the Communities page, and then click the link near the bottom of the page named Change an embedded transport server.
  3. From the list of embedded servers, click the name of an MLLP server to open the modification page.
  4. Click Save changes when you are done.

The following are the maintenance fields for an embedded MLLP transport server.

Settings tab (without TLS)

  • Server name – The name for the embedded MLLP server. This can be any name you want.
  • Host – The fully-qualified domain name of the computer on which the embedded server runs. Activator detects this setting; you cannot change it.
  • Port – The TCP port on which the embedded server listens for connection requests.

Settings tab (with TLS)

  • Server name – The name for the embedded MLLP server. This can be any name you want.
  • Host – The fully-qualified domain name of the computer on which the embedded server runs. Activator detects this setting; you cannot change it.
  • Port – The TCP port on which the embedded server listens for connection requests.
  • This server requires client authentication – Select this to use the partner’s certificate to authenticate the partner when the partner connects to the server.
  • Add a TLS server certificate or TLS server certificate – For optional TLS, the server requires a TLS certificate. If the server has a certificate, the name of the certificate is displayed. If the server does not have a certificate, you are prompted to provide one.

Advanced tab

  • Minimum threads – The least number of threads Activator must dedicate to the server.
  • Maximum threads – The most threads Activator can dedicate to the server.
  • Start block character – The decimal byte value to use to identify the start block character. Start and stop block characters enclose the message data that is sent or received in through MLLP messages. At runtime Activator converts this decimal value to hexadecimal. Default = 11 (hexadecimal B). The default value is the customary MLLP value. You must use the same values for the client and server sides of the MLLP exchange.
  • End block character – The decimal byte value to use to identify the end block character. Start and stop block characters enclose the message data that is sent or received in through MLLP messages. At runtime Activator converts this decimal value to hexadecimal. Default = 28 (hexadecimal 1C). The default value is the customary MLLP value. You must use the same values for the client and server sides of the MLLP exchange.
  • Acknowledgement mode – Select an option:
    • Send no acknowledgement – (MLLP version 1 option) Select this option to implement MLLP connections without acknowledgements.
    • Send transport level MLLP acknowledgement – (MLLP version 2 option) Select this option to enable transport-level acknowledgements for connections to this MLLP server.
    • Send synchronous application acknowledgement generated in back end – (MLLP version 2 option) Select this option if you want connections to this MLLP server kept open until an application acknowledgement is generated in the back end.
  • Override SSL and TLS cipher suites – Select this option and then use the Add and Remove buttons to specify the cipher suites supported for the embedded server.
  • If you do not select this option, all cipher suites are supported by default. Keeping the default cipher list is less secure than specifying a restricted set of cipher suites.
  • The cipher suites that are displayed in the "Available" column depend on your runtime environment (JRE version, IACK or FIPS enablement, ....).
  • The default order in the "Available" column is the preferred order of use. Once ciphers are moved to the Selected column, you can arrange the order. Activator uses the ciphers in the order listed.
  • A cipher suite is a collection of security algorithms used in making connections via Secure Sockets Layer or Transport Layer Security. For example, an SSL or TLS protocol requires signing messages using a message digest algorithm. But the choice of algorithm is determined by the particular cipher suite being used for the connection. Typically, you can select an MD5 or SHA digest algorithm.
  • Of the many algorithms for encrypting data and computing the message authentication code, there are varying levels of security. Some provide the highest levels of security, but require a large amount of computation for encryption and decryption. Others are less secure, but provide rapid encryption and decryption. The length of the key used for encryption affects the level of security. The longer the key, the more secure the data.
  • The option for overriding cipher suites lets you select the level of security that suits your needs and enables communicating with others who might have different security requirements. For example, when an SSL connection is established, the client and server exchange information about the cipher suites they have in common. Then they communicate using the common cipher suite that offers the highest level of security. If they do not have a cipher suite in common, secure communication is not possible.
  • In versions of Activator earlier than Activator 5.9, cipher suites configuration was handled by a file named sslciphersuites.xml. As data in that file is saved in the database, the custom cipher suites configuration is retained upon upgrading and is displayed in the Selected list under the option in the user interface. The sslciphersuites.xml file is no longer used.

Related topics

Related Links