When an RMI connection is established between an agent and a server, the agent and server negotiate the protocol and cipher to use.

Each agent and server has a list of protocols and ciphers that it supports. The strongest protocol and cipher that is common to both the agent list and server list is selected for the SSL/TLS channel.

By default, RMI agents and servers are configured to accept only TLSv1 connections with the following ciphers:

TLS_DHE_RSA_WITH_AES_128_CBC_SHA

TLS_DHE_RSA_WITH_AES_128_CBC_SHA

TLS_RSA_WITH_AES_128_CBC_SHA

TLS_DHE_DSS_WITH_AES_128_CBC_SHA